I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. Please resolve these comments along with any other Last Call comments you may receive. Document: draft-ietf-karp-routing-tcp-analysis-05.txt Reviewer: Ben Campbell Review Date: 2012-11-14 IETF LC End Date: 2012-11-19 Summary: This draft is almost ready for publication as an informational RFC. There are a few minor issues and a number of editorial issues that should be considered prior to publication. *** Major issues ***: None *** Minor issues *** : -- section 2.2, last paragraph: The IKE mention lacks context. Do you mean to suggest IKE with IPSec? I assume so, but there's been no mention of IPSec so far. -- section 2.3.2: It would be helpful for this section to describe whether privacy issues actually matter or not, rather than just stating the issues to be similar to those for other routing protocols. -- section 3.1, 2nd paragraph: Does this mean that privacy is really not needed, or just that LDP does not state a requirement for privacy? -- Section 6 (Security Considerations), 4th paragraph: If replay protection is required, shouldn't the draft discuss the details somewhere? I see only one mention in passing outside of this section. *** Nits/editorial comments ***: -- IDNits indicates some unused and obsoleted references. Please check. -- The IANA considerations section is missing. If the draft makes requests of IANA, it should include the section and state that. -- the short title is "The IANA considerations section is missing. If the draft makes requests of IANA, it should include the section and say that -- The short title is "draft-ietf-karp-routing-tcp-analysis-05.txt". Is this draft in any way specific to TCP? If so, it would be helpful to mention that in the abstract and introduction. -- Punctuation errors are pervasive, particularly in the early and late sections. These make it harder to read than it needs to be. In particular, I suggest the draft be proofread for missing commas and missing quotes (or other marks) around document titles. -- Section 1, paragraph 1: The cited doc name should be quoted, or otherwise marked. Also, it's not necessary to put the full reference here, since you are citing the references section. -- Section 1, paragraph 1: "Four main steps were identified for that tightening:" For what tightening? This is the first mention. Perhaps the previous sentence should have gone on to say "... and suggests steps to tighten the infrastructure against the attack"? -- section 1, 1st paragraph after numbered list: The end of the paragraph does not seem related to the beginning. I suggest a paragraph split before the sentence starting with "The OPSEC working group..." -- section 1, 2nd to last paragraph: "current state of security method" Missing article before "security method". -- section 1.1: Why is 2119 language needed? I see two potentially normative statements--but both of those merely describe the existing MAC requirements in TCP-AO. It would be better to state those in descriptive language (e.g. TCP-AO requires…) and to drop the 2119 section entirely. -- section 2.1, 5th paragraph: A mention of SHA1 seems needed here. Section 2.3.1.2 states the concerns about TCP-md5 more clearly. -- section 2.3.1.2, 1st paragraph: "As stated above..." A section reference would be helpful. -- section 4, 2nd paragraph: "In addition Improving TCP’s Robustness to Blind In-Window Attacks." sentence fragment. -- section 4, 3rd paragraph: It would have been helpful to mention the MKT manual config issue back in the "state of the security method" sections.