[secdir] Secdir last call review of draft-ietf-rmcat-nada-11
Sean Turner via Datatracker <noreply@ietf.org> Tue, 13 August 2019 01:08 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id E5942120033; Mon, 12 Aug 2019 18:08:18 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Sean Turner via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: rmcat@ietf.org, draft-ietf-rmcat-nada.all@ietf.org, ietf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.100.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Sean Turner <sean@sn3rd.com>
Message-ID: <156565849881.20488.4580765481520503258@ietfa.amsl.com>
Date: Mon, 12 Aug 2019 18:08:18 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/GbWIv1GOqJbCiE3nqRr64ptv8-4>
Subject: [secdir] Secdir last call review of draft-ietf-rmcat-nada-11
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Aug 2019 01:08:19 -0000
Reviewer: Sean Turner Review result: Has Nits Hi! I'm no congestion control expert so nothing in the main body jumped out at me. I did take a little time to review some security considerations for other congestion control RFCs and just wanted to make sure the same kind of information is getting addressed. I indicated the result of this review as "has nits" because there is a pretty good chance I am just suggesting some editorial tweaks. The security considerations rightly points out that this mechanism is susceptible to the same kind of attacks as TCP (e.g., hijack, replacement) and what mitigations to use (i.e., integrity protection of the RTCP feedback messages). But, what is missing is what happens if these attacks succeed: DoS or in the worst case congestion collapse? So, maybe instead of: As such, it is vulnerable to attacks where feedback messages are hijacked, replaces, or intentionally injected with misleading information, similar to those that can affect TCP. Maybe: As such, it is vulnerable to attacks where feedback messages are hijacked, replaces, or intentionally injected with misleading information resulting in denial of service, similar to those that can affect TCP. Also, unless I've completely misread this paragraph it seems like you are talking about two things: 1) it's just like TCP, and 2) "The modification of sending rate ...". So, maybe split the paragraph along those lines. Further questions: 1. Are there any concerns related to a greedy receiver who wants to gobble up more than its fair share of network bandwidth? 2. Seems like maybe you also need to refer to the RTP/RTCP security considerations because it seems like security primarily needs to be considered in the context of a specific transport protocol and its authentication mechanisms. Cheers, spt
- [secdir] Secdir last call review of draft-ietf-rm… Sean Turner via Datatracker
- Re: [secdir] [rmcat] Secdir last call review of d… Gorry Fairhurst
- Re: [secdir] [rmcat] Secdir last call review of d… Mirja Kuehlewind
- Re: [secdir] [rmcat] Secdir last call review of d… Colin Perkins
- Re: [secdir] [rmcat] Secdir last call review of d… Xiaoqing Zhu (xiaoqzhu)
- Re: [secdir] [rmcat] Secdir last call review of d… Gorry Fairhurst
- Re: [secdir] [rmcat] Secdir last call review of d… Gorry Fairhurst
- Re: [secdir] [rmcat] Secdir last call review of d… Xiaoqing Zhu (xiaoqzhu)