Re: [rmcat] Secdir last call review of draft-ietf-rmcat-nada-11
Gorry Fairhurst <gorry@erg.abdn.ac.uk> Tue, 13 August 2019 07:57 UTC
Return-Path: <gorry@erg.abdn.ac.uk>
X-Original-To: rmcat@ietfa.amsl.com
Delivered-To: rmcat@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5794C120091; Tue, 13 Aug 2019 00:57:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R36mZicGgru8; Tue, 13 Aug 2019 00:57:11 -0700 (PDT)
Received: from pegasus.erg.abdn.ac.uk (pegasus.erg.abdn.ac.uk [IPv6:2001:630:42:150::2]) by ietfa.amsl.com (Postfix) with ESMTP id E2A16120074; Tue, 13 Aug 2019 00:57:07 -0700 (PDT)
Received: from MacBook-Pro-5.local (fgrpf.plus.com [212.159.18.54]) by pegasus.erg.abdn.ac.uk (Postfix) with ESMTPSA id 737FE1B0015C; Tue, 13 Aug 2019 08:56:59 +0100 (BST)
Message-ID: <5D526D4A.5010304@erg.abdn.ac.uk>
Date: Tue, 13 Aug 2019 08:56:58 +0100
From: Gorry Fairhurst <gorry@erg.abdn.ac.uk>
Reply-To: gorry@erg.abdn.ac.uk
Organization: University of Aberdeen
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Sean Turner <sean@sn3rd.com>
CC: Sean Turner via Datatracker <noreply@ietf.org>, secdir@ietf.org, rmcat@ietf.org, draft-ietf-rmcat-nada.all@ietf.org, ietf@ietf.org
References: <156565849881.20488.4580765481520503258@ietfa.amsl.com>
In-Reply-To: <156565849881.20488.4580765481520503258@ietfa.amsl.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/rmcat/luDKn2sg8edOG_C8nIfn41YnDxM>
Subject: Re: [rmcat] Secdir last call review of draft-ietf-rmcat-nada-11
X-BeenThere: rmcat@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "RTP Media Congestion Avoidance Techniques \(RMCAT\) Working Group discussion list." <rmcat.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rmcat>, <mailto:rmcat-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rmcat/>
List-Post: <mailto:rmcat@ietf.org>
List-Help: <mailto:rmcat-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rmcat>, <mailto:rmcat-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Aug 2019 07:57:13 -0000
See below: On 13/08/2019, 02:08, Sean Turner via Datatracker wrote: > Reviewer: Sean Turner > Review result: Has Nits > > Hi! I'm no congestion control expert so nothing in the main body jumped out at > me. I did take a little time to review some security considerations for other > congestion control RFCs and just wanted to make sure the same kind of > information is getting addressed. I indicated the result of this review as > "has nits" because there is a pretty good chance I am just suggesting some > editorial tweaks. > > The security considerations rightly points out that this mechanism is > susceptible to the same kind of attacks as TCP (e.g., hijack, replacement) and > what mitigations to use (i.e., integrity protection of the RTCP feedback > messages). But, what is missing is what happens if these attacks succeed: DoS > or in the worst case congestion collapse? So, maybe instead of: > > As such, it is vulnerable to attacks where feedback > messages are hijacked, replaces, or intentionally injected with > misleading information, similar to those that can affect TCP. > > Maybe: > > As such, it is vulnerable to attacks where feedback > messages are hijacked, replaces, or intentionally injected with > misleading information resulting in denial of service, similar > to those that can affect TCP. > > Also, unless I've completely misread this paragraph it seems like you are > talking about two things: 1) it's just like TCP, and 2) "The modification of > sending rate ...". So, maybe split the paragraph along those lines. > > Further questions: > > 1. Are there any concerns related to a greedy receiver who wants to gobble up > more than its fair share of network bandwidth? > > 2. Seems like maybe you also need to refer to the RTP/RTCP security > considerations because it seems like security primarily needs to be considered > in the context of a specific transport protocol and its authentication > mechanisms. > > Cheers, > > spt I also think that text (or similar) would also be valuable in the security considerations section. Gorry
- [rmcat] Secdir last call review of draft-ietf-rmc… Sean Turner via Datatracker
- Re: [rmcat] Secdir last call review of draft-ietf… Gorry Fairhurst
- Re: [rmcat] Secdir last call review of draft-ietf… Mirja Kuehlewind
- Re: [rmcat] Secdir last call review of draft-ietf… Colin Perkins
- Re: [rmcat] Secdir last call review of draft-ietf… Xiaoqing Zhu (xiaoqzhu)
- Re: [rmcat] Secdir last call review of draft-ietf… Gorry Fairhurst
- Re: [rmcat] Secdir last call review of draft-ietf… Gorry Fairhurst
- Re: [rmcat] Secdir last call review of draft-ietf… Xiaoqing Zhu (xiaoqzhu)