draft-ietf-tcpm-ecnsyn-08.txt

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This is an interesting and well-written document; I enjoyed reading it. It is about an optional, experimental modification to RFC 3168 to allow TCP SYN/ACK packets to be ECN-Capable. The TCP initiator can use this information to reduce its initial congestion window. In simulation, there is a compelling argument that this helps to improve response time during heavy congestion.

The draft argues that the mechanism introduces no security problems, using arguments that bound any potential problems by known existing behaviors. I have no reason to believe that the analysis is wrong. My only caveat is that the combined state machine for TCP and ECN seems complicated; I don't know that all cases are really covered by the draft authors. Perhaps someone could do that if this draft ever moves toward standard.

Hilarie Orman