Re: WG Last-Call (WGLC) for comments: draft-ietf-dccp-dtls-02

On 17 Oct 2007, at 12:57, Gorry Fairhurst wrote:
This note starts the WG Last-Call for comments for the WG document named below:

Datagram Transport Layer Security (DTLS) over
the Datagram Congestion Control Protocol (DCCP)
http://tools.ietf.org/html/draft-ietf-dccp-dtls-02

This Last-Call will end at midnight, 2nd November 2007.

Members of the IETF dccp WG are now asked to read the above draft and send any issues, comments, or corrections to this mailing list. The WGLC
procedure is the last chance for this working group to modify/correct
this document. This document is intended for publication as a PROPOSED STANDARD RFC.

Please *DO* forward any comments to the list. The document shepherd for
the process following completion of the WGLC shall be me, as the dccp
Co-Chair (Gorry Fairhurst).

This draft is generally fine, but I do have some comments.

1) The DTLS specification [RFC 4347 section 4.1.1] notes that:

   Some transports, such as DCCP, provide congestion control for traffic
   carried over them. If the congestion window is sufficiently narrow,
   DTLS handshake retransmissions may be held rather than transmitted
   immediately, potentially leading to timeouts and spurious
   retransmission. When DTLS is used over such transports, care should be
   taken not to overrun the likely congestion window. In the future, a
   DTLS-DCCP mapping may be specified to provide optimal behavior for
   this interaction.

There seems to be no such optimisation specified. If this is intentional, it would be appropriate to add a sentence to note that the issue was considered and rejected.

2) DTLS packets may be rejected according to the anti-replay protection algorithm [RFC 4347 section 4.1.2.5]. Are there any interactions between this and the synchronisation features of DCCP [RFC 4340 section 7.5]? It would seem that there might be scope for optimisation, by performing only one sliding window sequence number validity check.

3) Does the lifetime of the DTLS session always match the lifetime of the DCCP session? If not, for example if a DCCP session starts insecure, then switches to DTLS after application level negotiation to determine whether the peer supports DTLS, what would be an appropriate service code?

--
Colin Perkins
http://csperkins.org/
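As an added illustration of the check that point 2 above asks about (not code from the thread, the draft, or RFC 4347): a DTLS-style anti-replay sliding window over record sequence numbers, the IPsec-style procedure that RFC 4347 section 4.1.2.5 describes, run over a constructed arrival order. It assumes a 64-bit sequence space and that the window is only advanced for records whose MAC has already verified.

```python
class ReplayWindow:
    """Sliding window over DTLS record sequence numbers (added example).

    The window remembers the `size` most recent sequence numbers as a
    bitmap. A record is rejected if it falls below the window or its bit
    is already set. update() must only be called after the record's MAC
    verified, so a forged record cannot move the window forward.
    """

    def __init__(self, size=64):
        self.size = size
        self.top = -1        # highest accepted sequence number (-1: none yet)
        self.bitmap = 0      # bit i set => sequence number (top - i) was accepted

    def check(self, seq):
        """True if seq is new: above the window, or inside it and unseen."""
        if seq > self.top:
            return True
        diff = self.top - seq
        if diff >= self.size:
            return False     # too old: below the window
        return not (self.bitmap >> diff) & 1

    def update(self, seq):
        """Mark seq as accepted (call only after check() and MAC verification)."""
        if seq > self.top:
            shift = seq - self.top
            # A jump of a whole window or more leaves nothing to remember.
            self.bitmap = 0 if shift >= self.size else self.bitmap << shift
            self.bitmap = (self.bitmap | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def filter_records(seqs, size=64):
    """Run already-authenticated record sequence numbers (a constructed
    arrival order) through the window; returns (accepted, rejected)."""
    win = ReplayWindow(size)
    accepted, rejected = [], []
    for seq in seqs:
        if win.check(seq):
            win.update(seq)
            accepted.append(seq)
        else:
            rejected.append(seq)
    return accepted, rejected


if __name__ == "__main__":
    # Reordered, replayed and out-of-window records in one constructed stream.
    print(filter_records([0, 1, 3, 2, 1, 70, 5, 80]))
```

A DCCP sequence-validity check (RFC 4340 section 7.5) runs on a different number space and before decryption, so it cannot replace this record-level check; at most the two could share a window implementation.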
