Re: [secdir] Secdir last call review of draft-ietf-rmcat-video-traffic-model-06
Colin Perkins <csp@csperkins.org> Thu, 24 January 2019 19:39 UTC
> On 24 Jan 2019, at 19:23, Yoav Nir <ynir.ietf@gmail.com> wrote:
>
> Reviewer: Yoav Nir
> Review result: Has Nits
>
> I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. Document editors and WG chairs should treat these comments just like any other last call comments.
>
> To quote from the abstract, the document "describes two reference video traffic models for evaluating RTP congestion control algorithms". Indeed it does not describe any protocol or algorithm that is going to get deployed on the Internet, but rather a model for evaluating congestion control algorithms before they are standardized or deployed. As such, I would not expect it to have much to say on security, either good or bad.
>
> It is conceivable that a congestion control algorithm would be exploitable by an attacker. For example, some pattern of traffic might trigger such an algorithm to block or slow down traffic for a victim. It may be a good idea to evaluate whether such algorithms are conducive to such attacks. But speculation such as this is not related to the draft. This draft is about evaluating congestion control algorithms for their effect on video quality and frame rates.
>
> So what is my nit with this? Why does the Security Considerations section contain what it does?
>
>    It is important to evaluate RTP-based congestion control schemes using realistic traffic patterns, so as to ensure stable operations of the network. Therefore, it is RECOMMENDED that candidate RTP-based congestion control algorithms be tested using the video traffic models presented in this draft before wide deployment over the Internet.
>
> This is interesting, but I don't think it has much to do with security. IMO it would be enough to say that this document introduces models for evaluation and doesn't have any security implications. The existing text should go somewhere else.
To my mind, the security implication is that the algorithm be tested to demonstrate that it doesn't cause denial-of-service when operating with realistic traffic. This could be, as you note above, that it disrupts the video application by forcing the sending rate to zero; but it's also important to check that it doesn't send overly quickly and congest the network, so denying service to other flows.

-- 
Colin Perkins
https://csperkins.org/
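The two failure modes named in the reply above (the sending rate collapsing to zero and starving the video application, or the sender exceeding the bottleneck and congesting competing flows) can be turned into a concrete pass/fail check on a rate trace produced by a candidate controller run against a traffic model. The following is an added example written for this archive page; it is not code from the draft, from the RMCAT working group, or from either correspondent. The thresholds, the `toy_aimd` stand-in controller and the capacity traces are all constructed for illustration and do not represent any real RMCAT proposal or measurement.

```python
"""
Checks an RTP congestion-control candidate's sending-rate trace for the two
denial-of-service outcomes discussed in the thread:
  * starvation: rate stays below a usable floor for too long (DoS on the
    video application itself);
  * congestion: rate exceeds the bottleneck capacity too often (DoS on
    competing flows sharing the path).
All traces, thresholds and the toy controller below are constructed.
"""
from dataclasses import dataclass
from typing import List, Sequence


@dataclass
class Verdict:
    longest_starvation_s: float   # longest run of intervals below min_rate_kbps
    overshoot_fraction: float     # share of intervals where rate > capacity
    starved: bool                 # longest_starvation_s > max_starvation_s
    congesting: bool              # overshoot_fraction > max_overshoot_fraction


def evaluate_rate_trace(rates_kbps: Sequence[float], capacity_kbps: Sequence[float],
                        interval_s: float, min_rate_kbps: float,
                        max_starvation_s: float, max_overshoot_fraction: float) -> Verdict:
    """Walk the per-interval rate and capacity traces once and score both failure modes.

    Starvation is measured as the longest contiguous run of intervals whose sending
    rate is below the usable floor; overshoot is the fraction of intervals in which
    the sender exceeded the bottleneck capacity for that interval."""
    if len(rates_kbps) != len(capacity_kbps):
        raise ValueError("rate and capacity traces must have the same length")
    longest_run = current_run = 0          # counted in intervals, converted once
    overshoot_intervals = 0
    for rate, cap in zip(rates_kbps, capacity_kbps):
        if rate < min_rate_kbps:
            current_run += 1
            longest_run = max(longest_run, current_run)
        else:
            current_run = 0
        if rate > cap:
            overshoot_intervals += 1
    total = len(rates_kbps)
    longest_s = longest_run * interval_s
    frac = overshoot_intervals / total if total else 0.0
    return Verdict(longest_s, frac,
                   longest_s > max_starvation_s,
                   frac > max_overshoot_fraction)


def toy_aimd(capacity_kbps: Sequence[float], start_kbps: float = 500.0,
             increase_kbps: float = 50.0, decrease: float = 0.5) -> List[float]:
    """Constructed additive-increase / multiplicative-decrease stand-in controller.

    It probes upward by a fixed step each interval and halves when the previous
    interval exceeded capacity. It exists only to give the checker a trace to
    score; it is not any real RMCAT candidate algorithm."""
    rate = start_kbps
    trace = []
    for cap in capacity_kbps:
        trace.append(rate)
        rate = max(rate * decrease, 1.0) if rate > cap else rate + increase_kbps
    return trace


# Constructed scenarios, 100 ms intervals, 1 Mbit/s bottleneck throughout.
INTERVAL_S = 0.1
CAPACITY = [1000.0] * 100
MIN_RATE_KBPS = 100.0        # below this the video is unusable (assumed floor)
MAX_STARVATION_S = 1.0
MAX_OVERSHOOT_FRACTION = 0.2


def verdict_for(trace: Sequence[float]) -> Verdict:
    return evaluate_rate_trace(trace, CAPACITY[:len(trace)], INTERVAL_S, MIN_RATE_KBPS,
                               MAX_STARVATION_S, MAX_OVERSHOOT_FRACTION)


# A controller that drops to zero for 3 s after a loss burst (constructed trace).
STALLED_TRACE = [800.0] * 10 + [0.0] * 30 + [800.0] * 10
# A controller that ignores feedback and sends above capacity (constructed trace).
GREEDY_TRACE = [1500.0] * 50
# The toy AIMD controller driven against the same capacity trace.
AIMD_TRACE = toy_aimd(CAPACITY)


if __name__ == "__main__":
    for name, trace in (("stalled", STALLED_TRACE), ("greedy", GREEDY_TRACE),
                        ("aimd", AIMD_TRACE)):
        print(name, verdict_for(trace))
```

The AIMD stand-in overshoots for exactly one interval per probing cycle, so it lands under the 20% overshoot budget and never starves; the two hand-built traces each trip one of the checks. In a real evaluation the rate and capacity traces would come from the simulator driving the draft's traffic models, and the thresholds would be chosen per test case rather than fixed as here.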