Greetings,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is "Ready With Nit".

   This draft deals with congestion control and specifies a method of
selecting parameters in a way to more quickly increase the rate at
which data can be sent as controlled by the congestion window. It
calls this "Careful Resume. It is a very complete and well-written
document. My one gripe is the Security Considerations which say:

   "This document does not exhibit specific security considerations."

And that's it. It would be nice if the authors could say *why* they
do not think there are specific security considerations. You know,
let the reader think they actually did some analysis and didn't just
write that to fill in a mandatory section of an I-D.

   (I seem to remember that Jeff Schiller, when he was Security AD,
issued an edict saying you can't just say "this draft doesn't have any
security considerations". I'm not aware of that being rescinded).

   Now, when I look at how Careful Resume works, it looks like any
adversary mucking with it would result in a fallback to normal
congestion control so it doesn't look like this document actually has
any specific security considerations. And if that's the case, then it
would be nice for the Security Considerations to say something like
that.

   regards,

   Dan.

-- 
"The object of life is not to be on the side of the majority, but to
escape finding oneself in the ranks of the insane." -- Marcus Aurelius