Document:   draft-ietf-dccp-problem-03
Reviewer: Lakshminath Dondeti [ldondeti@qualcomm.com]
Review Date: Wednesday 9/14/2005 6:24 PM CST 
Telechat Date:  Thursday 9/15/2005

Summary: Very well written; however, missing security considerations ...

I enjoyed reading the I-D immensely; as I was nearing the end, I was hoping 
to see the authors' recommendations on security protocols for a datagram 
congestion control protocol.   Unfortunately, security did not make the cut 
in Section 5 on Additional Design Considerations.  Furthermore, Section 8 
on Security Considerations says that there are no security considerations 
for this document.  I disagree!

Here are some questions the security considerations section might address:

1. I use SRTP/IPsec/DTLS for my VoIP traffic and now that a motivation for 
a DCCP being proposed, what are the implications on the existing security 
protocols.  Would they work without modifications or would there be any 
special considerations (for instance the DTLS draft has a paragraph on what 
might be different w.r.t. the DCCP vs. UDP).

2. TCP and UDP have different security considerations (e.g., reset attacks 
in TCP don't apply to UDP).  Would a DCCP be similar to TCP or UDP in 
security issues?

The answers may be obvious to folks active in this area, but not 
necessarily to an average reader.

As Russ suggested in his comments, DoS considerations and FW traversal as 
noted in other parts of the draft might be repeated in the security 
considerations section as well.

Nit: The abstract says the document is a historical record.  In that case, 
please delete the sentence starting with "The current version of DCCP 
includes no multihoming ..." in Section 5 (for future proofing this 
document in the face of changes to the DCCP specification).