Re: [AVTCORE] Tsvart last call review of draft-ietf-avtcore-cc-feedback-message-08

Colin Perkins <> Thu, 17 September 2020 22:39 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9445E3A0D69; Thu, 17 Sep 2020 15:39:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id WfYgrpKt9TVc; Thu, 17 Sep 2020 15:39:22 -0700 (PDT)
Received: from ( [IPv6:2a00:1098:0:82:1000:0:2:1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id DB6CE3A0D66; Thu, 17 Sep 2020 15:39:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;; s=mythic-beasts-k1; h=To:Date:From:Subject; bh=UE4M4sjbIlzrtQ0SV0y5hntS+lrcoT6n4Wf5fBIb868=; b=qXn7Hq9Th4Zf6I7Df5nQu8sE9/ hw//JVrz+yUueptcc3oxV99WDWkhBWVvn55wFD9DP/2PG/wolCMB8FM6fav+iE/VsbS7QaT0JZPyh fjJlzBKhh2lufp9yUfN52s/wvs51Y92VRIXXbniPRwTcwkJ66Z8/L3wuQ1lsvtIGT/fIy3rWCfgK4 0PWRoKzfJlD+EJgBJCALAjKbCVQYcFpEYF82ykt9oDs/RodP8fkiVsMtYI6YBZZHWz+8/pSxYRlb3 sQLb18xJFbA1orrdbRUoes4pXC72tJ0Yt7d+yqG9ZvHjyU5Ih25aVB0Nf4f2tLNp8kV/s28WHkRpW DbjsDrbA==;
Received: from [] (port=42530 helo=[]) by with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from <>) id 1kJ2Ye-00029S-AI; Thu, 17 Sep 2020 23:39:20 +0100
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.15\))
From: Colin Perkins <>
In-Reply-To: <>
Date: Thu, 17 Sep 2020 23:39:08 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <>
To: Michael Scharf <>
X-Mailer: Apple Mail (2.3445.104.15)
X-BlackCat-Spam-Score: 4
Archived-At: <>
Subject: Re: [AVTCORE] Tsvart last call review of draft-ietf-avtcore-cc-feedback-message-08
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 17 Sep 2020 22:39:24 -0000

Hi Michael,

> On 9 Sep 2020, at 09:22, Michael Scharf via Datatracker <> wrote:
> Reviewer: Michael Scharf
> Review result: Ready with Issues
> This document has been reviewed as part of the transport area review team's
> ongoing effort to review key IETF documents. These comments were written
> primarily for the transport area directors, but are copied to the document's
> authors and WG to allow them to address any issues raised and also to the IETF
> discussion list for information.
> When done at the time of IETF Last Call, the authors should consider this
> review as part of the last-call comments they receive. Please always CC
> if you reply to or forward this review.
> Major issues
> -------------
> None
> Minor issues
> -------------
> 1/ Section 5:
>   All RTP congestion control algorithms MUST specify how they
>   respond to the loss of feedback packets.
> This is a process-related requirement not relevant for interoperability of
> implementations. In addition, the requirement is not very specific (What would
> have to be specified?). I am not sure if such a requirement in capital letters
> is really needed here. This should be handled consistently in all IETF
> documents.

Happy to change this to “need to specify”, but I also think “MUST” is appropriate. RTCP congestion control feedback packets can carry information about a larger number of data packets than is typical for, e.g., TCP ACKs, so it might be considered more critical that response to loss of feedback is defined.

> 2/ Section 11:
> The Security Considerations do not discuss off-path attacks, and it is not
> clear why this case is missing. Can an off-path attacker trick the sender into
> sending at either an excessively high or excessively low rate?

An off-path attacker can’t modify RTCP congestion control feedback, but they could potentially spoof such packets. The fix is the same: use Secure RTP to authenticate. Will clarify.

> Nits
> ----
> 1/ Abstract:
> The protocol extension enables fine-grained feedback on per-packet reception
> quality. The rationale is provided in Section 1 and (more comprehensively) in
> Section 8. Yet, I wonder if this objective could also be made a bit more
> explicit in the abstract, e.g., along the lines of the "fine-grained feedback"
> wording in the first paragraph of Section 8.

Sure, seems reasonable.

> 2/ Section 7:
> Typo in "a=ecn-capaable-rtp:”

Will fix.

Colin Perkins