I have been selected as the General Area Review Team (Gen-ART) reviewer for this draft (for background on Gen-ART, please see http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).

Please wait for direction from your document shepherd or AD before posting a new version of the draft.

Document: draft-ietf-tcpm-tcpsecure-11.txt
Reviewer: Brian Carpenter
Review Date: 2009-04-17
IETF LC End Date: 2009-04-16
IESG Telechat date: 2009-04-23

Summary: Ready (minor comments)
--------

Comments:
---------

This draft is clear and well explained. I have no comments that would block approval. The authors have agreed to the editorial comments.

There's a reference in the Acknowledgements to some interoperability testing, which I understood took place about 5 years ago. This is good news since the draft changes some very basic host behaviour. I wonder whether it might not be useful for this rather special case to file an interop report, even though that is not required for PS?

Editorial issues:
-----------------

6. Suggested Mitigation strengths

   As described in the above sections, recommendation levels for RST,
   SYN and DATA are tagged as SHOULD, SHOULD and MAY respectively. The
   reason that DATA mitigation is tagged as MAY, even though it
   increased the TCP robustness in general is because, the DATA
   injection is perceived to be more difficult (twice less unlikely)
   when compared to RST and SYN counterparts.

Surely that should be "(twice as unlikely)"? "less unlikely" seems to be the opposite of "more difficult".

There is at least one occurrence of "it's" where the word intended is "its".

Randy Stewart's email address is wrong.

Authors need to decide whether they need the pre-RFC5378 disclaimer for any material they didn't contribute personally.

== Unused Reference: 'RFC3562' is defined on line 774, but no explicit reference was found in the text