[secdir] Secdir last call review of draft-ietf-rmcat-nada-11

Sean Turner via Datatracker <noreply@ietf.org> Tue, 13 August 2019 01:08 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E5942120033; Mon, 12 Aug 2019 18:08:18 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Sean Turner via Datatracker <noreply@ietf.org>
To: <secdir@ietf.org>
Cc: rmcat@ietf.org, draft-ietf-rmcat-nada.all@ietf.org, ietf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.100.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Sean Turner <sean@sn3rd.com>
Message-ID: <156565849881.20488.4580765481520503258@ietfa.amsl.com>
Date: Mon, 12 Aug 2019 18:08:18 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/GbWIv1GOqJbCiE3nqRr64ptv8-4>
Subject: [secdir] Secdir last call review of draft-ietf-rmcat-nada-11
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Aug 2019 01:08:19 -0000

Reviewer: Sean Turner
Review result: Has Nits

Hi! I'm no congestion control expert so nothing in the main body jumped out at
me.  I did take a little time to review some security considerations for other
congestion control RFCs and just wanted to make sure the same kind of
information is getting addressed.  I indicated the result of this review as
"has nits" because there is a pretty good chance I am just suggesting some
editorial tweaks.

The security considerations rightly points out that this mechanism is
susceptible to the same kind of attacks as TCP (e.g., hijack, replacement) and
what mitigations to use (i.e., integrity protection of the RTCP feedback
messages).  But, what is missing is what happens if these attacks succeed: DoS
or in the worst case congestion collapse?  So, maybe instead of:

   As such, it is vulnerable to attacks where feedback
   messages are hijacked, replaces, or intentionally injected with
   misleading information, similar to those that can affect TCP.

Maybe:

   As such, it is vulnerable to attacks where feedback
   messages are hijacked, replaces, or intentionally injected with
   misleading information resulting in denial of service, similar
   to those that can affect TCP.

Also, unless I've completely misread this paragraph it seems like you are
talking about two things: 1) it's just like TCP, and 2) "The modification of
sending rate ...".  So, maybe split the paragraph along those lines.

Further questions:

1. Are there any concerns related to a greedy receiver who wants to gobble up
more than its fair share of network bandwidth?

2. Seems like maybe you also need to refer to the RTP/RTCP security
considerations because it seems like security primarily needs to be considered
in the context of a specific transport protocol and its authentication
mechanisms.

Cheers,

spt