Early Review of draft-ietf-tcpm-accurate-ecn-14
review-ietf-tcpm-accurate-ecn-14-secdir-early-kelly-2021-04-15-00
| Request | Review of | draft-ietf-tcpm-accurate-ecn-14 |
|---|---|---|
| Requested revision | 14 (document currently at 28) | |
| Type | Early Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2021-04-01 | |
| Requested | 2021-03-06 | |
| Requested by | Yoshifumi Nishida | |
| Authors | Bob Briscoe , Mirja Kühlewind , Richard Scheffenegger | |
| I-D last updated | 2021-04-15 | |
| Completed reviews |
Secdir Early review of -14
by Scott G. Kelly
(diff)
|
|
| Comments |
The main security concern for this draft is covert channel discussion which is described in the 4th paragraph in Security Consideration section. In a nutshell, the TCP option defined in the draft can contain up to 29 byte length of undefined information for future extensions. However, there are some opinions that this could be utilized as a covert channel. As a PS doc, this draft mandates middleboxes not to remove or alter the option (Section 3.3.2) and 29 bytes is relatively large space, one may want to encode some meaningful info inside it. This might be used for tracking or other malicious purposes, although this may not be specific to this option. We would like to check on this point with early SECDIR reviews before finalizing the document. We appreciate if we could get reviews on other points as well. |
|
| Assignment | Reviewer | Scott G. Kelly |
| State | Completed | |
| Request | Early review on draft-ietf-tcpm-accurate-ecn by Security Area Directorate Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/dCPV35Bo6lnn19jMvMBfLuH6PHs | |
| Reviewed revision | 14 (document currently at 28) | |
| Result | Has issues | |
| Completed | 2021-04-12 |
review-ietf-tcpm-accurate-ecn-14-secdir-early-kelly-2021-04-15-00
Error; cannot read (/assets/ietfdata/doc/review/review-ietf-tcpm-accurate-ecn-14-secdir-early-kelly-2021-04-15.txt)