Last Call Review of draft-ietf-tcpm-tcpsecure-
review-ietf-tcpm-tcpsecure-secdir-lc-murphy-2009-04-24-00

Request Review of draft-ietf-tcpm-tcpsecure
Requested rev. no specific revision (document currently at 13)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2009-05-05
Requested 2009-04-02
Authors Randall Stewart, Mitesh Dalal, Anantha Ramaiah
Draft last updated 2009-04-24
Completed reviews Secdir Last Call review of -?? by Sandra Murphy
Assignment Reviewer Sandra Murphy
State Completed
Review review-ietf-tcpm-tcpsecure-secdir-lc-murphy-2009-04-24
Review completed: 2009-04-24

Review

I've been on the road, so this is just a quick note to say that I still have questions, with a promise of a more full answer when I get back to the office tomorrow. All the following done really from memory from a re-review yesterday. Just so you know I haven't forgotten you.

About quoting text:

The example you point to of what each mitigation says is a good case. (what is "rg"?)

You posit a case 1 and case 2. This is a summary of what 793 says, not a quote. 793 spreads the discussion over 2 pages. Your case 1 is represented in a parenthetical remark in an "otherwise" clause - hard to find. And you have a typo in the inequality. And the case 2 in 793 is broken out over three different groupings of states. Do you mean the new ACK to be generated in all three state groups?

About the stringency.

If UNA is 1000, Max.snd.wnd is 50, and the ack is 975, then in 793, the ack is < UNA and so "it is ignored", in your draft the ack is > UNA-max.snd.wnd so it is acceptable.

So your draft accepts more ACKs than 793.

Have I lost my ability to tell > from <? Do you regard accepting more ACKs as "more stringent"?

About the guidance to implementors.

It still looks to me like this guidance is only useful to implementors who are implementing both the OS TCP stack *AND* the application. I.e., freebsd won't know whether to follow the guidance or not but cisco/juniper/etc will.

What is the "AS"?

About grammar checks:

And you did not miss email, I lost my marked up copy, so I've gone through for the grammar check again (don't think I found all that many nits) and will send to you.

--Sandy