I have been selected as the General Area Review Team (Gen-ART)
reviewer for this draft (for background on Gen-ART, please see
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).

Please wait for direction from your document shepherd
or AD before posting a new version of the draft.

Document: draft-ietf-tsvwg-port-randomization-06
Reviewer: Avshalom Houri
Review Date: 2010-03-03
Last Call Date: 2010-03-02
IESG Telechat date: 2010-03-04

Summary: The document is not ready for publication as a BCP.

Major issues:

The document lacks an explanation of when and how the techniques
described in it will be used. There are many ways to protect the
network, and it is not clear when and how the specific techniques
described in the document will be used, how they relate to the other
ways, etc.

The introductory part of the document (up to and including section 3.2)
seems lengthy and repetitive, while it lacks some of the background
described in the previous paragraph.

Minor issues:

Lines 624-626
  However, it
   may be affected by the vector involving binding a more specific
   socket. 
-- Not clear

Lines 644-645
   Ephemeral port selection algorithms SHOULD use the largest possible
   port range, since this improves obfuscation.

-- Should be merged with lines 632-634
   As mentioned in Section 2.1, the dynamic ports consist of the range
   49152-65535.  However, ephemeral port selection algorithms should use
   the whole range 1024-49151.

Lines 870-871
   and alternative IP addresses may be included in the association
   negotiation and either of these could be used in the offset function

-- What is meant by "association negotiation"? (repeats also in line 879).

Lines 1040-1044
 The smaller the value of "N", the more linear the more
   similar this algorithm is to the traditional BSD port selection
   algorithm (described in Section 2.2.  The larger the value of "N",
   the more similar this algorithm is to the algorithm described in
   Section 3.3.1 of this document.

-- Needs rephrasing

Nits/editorial comments:

Line 512:
   There are a number of factors to consider when designing an algorithm
->    There are number of factors to consider when designing an algorithm

Line 622
   DCCP is not affected is not affected by the exploitation of
->    DCCP is not affected by the exploitation of

Line 799
   will not have different sequences of port numbers; i.e., wil not be
->    will not have different sequences of port numbers; i.e., will not be

Line 869
   availability an the granularity requested.  With SCTP both hostnames
->    availability and the granularity requested.  With SCTP both hostnames

--Avshalom
_______________________________________________
Gen-art mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/gen-art
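As an added illustration of the trade-off that the quoted lines 1040-1044 describe (this is example code written for this page, not code from the draft or from the review), below is a Python model of a random-increments ephemeral port selector: a hidden counter, started at a random offset, advances by a random step in [1, N] on every allocation, and the port is the counter reduced into the ephemeral range. With N = 1 it degenerates into sequential, BSD-style allocation; with N equal to the size of the port range, every choice is effectively uniform across the range. The class name, the `step_sizes` helper and the 1024-49151 default range (taken from the quoted lines 632-634) are assumptions of this example; the draft's own pseudocode is not on this page.

```python
import random
from typing import FrozenSet, List, Optional


class RandomIncrementPortSelector:
    """Ephemeral port selector driven by random increments of a hidden counter.

    Hypothetical reconstruction for this example: the counter starts at a
    random offset and, on every allocation, advances by a random step in
    [1, N].  The chosen port is the counter reduced into the ephemeral range.
    """

    def __init__(self, n: int, min_port: int = 1024, max_port: int = 49151,
                 seed: Optional[int] = None) -> None:
        if n < 1:
            raise ValueError("N must be at least 1")
        if not (0 < min_port <= max_port <= 65535):
            raise ValueError("invalid ephemeral port range")
        self.n = n
        self.min_port = min_port
        self.num_ports = max_port - min_port + 1
        # A fixed seed is only for reproducible demos; a real stack uses a CSPRNG.
        self.rng = random.Random(seed)
        self.counter = self.rng.randrange(self.num_ports)  # random initial offset

    def select(self, in_use: FrozenSet[int] = frozenset()) -> Optional[int]:
        """Return a port not in `in_use`, or None after num_ports failed tries."""
        for _ in range(self.num_ports):
            step = self.rng.randrange(self.n) + 1          # uniform in [1, N]
            self.counter = (self.counter + step) % self.num_ports
            port = self.min_port + self.counter
            if port not in in_use:
                return port
        return None


def step_sizes(n: int, count: int, seed: int) -> List[int]:
    """Distances (mod range size) between consecutive ports chosen with a given N."""
    sel = RandomIncrementPortSelector(n, seed=seed)
    ports = [sel.select() for _ in range(count)]
    return [(b - a) % sel.num_ports for a, b in zip(ports, ports[1:])]


def summarize(n: int, count: int = 8, seed: int = 42) -> str:
    """Constructed demo line: the first `count` ports chosen for a given N."""
    sel = RandomIncrementPortSelector(n, seed=seed)
    return f"N={n:>5}: {[sel.select() for _ in range(count)]}"


if __name__ == "__main__":
    width = 49151 - 1024 + 1
    # N=1 is sequential, N=500 a short random walk, N=width is fully random.
    for n in (1, 500, width):
        print(summarize(n))
```

The `step_sizes` helper makes the trade-off measurable: for N = 1 every distance is exactly 1 (an observer who sees one port knows the next), while for larger N the distance is spread over [1, N]. One failure mode worth keeping in mind: when N is smaller than the range, a nearly full port table can make `select` skip over the few free ports and return None even though one exists, whereas the N = 1 walk is guaranteed to visit every port within `num_ports` tries.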
