Re: [secdir] [rmcat] Secdir last call review of draft-ietf-rmcat-nada-11

Mirja Kuehlewind <> Fri, 16 August 2019 12:59 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 585271200A1; Fri, 16 Aug 2019 05:59:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id zKHdKUf7zNCc; Fri, 16 Aug 2019 05:59:44 -0700 (PDT)
Received: from ( [IPv6:2a01:488:42:1000:50ed:8223::]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CF9CA120089; Fri, 16 Aug 2019 05:59:43 -0700 (PDT)
Received: from [] (helo=[]); authenticated by running ExIM with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) id 1hybpT-0003Na-0J; Fri, 16 Aug 2019 14:59:39 +0200
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Mirja Kuehlewind <>
In-Reply-To: <>
Date: Fri, 16 Aug 2019 14:59:37 +0200
Cc:,,, IETF <>
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <>
To: G Fairhurst <>, Sean Turner <>
X-Mailer: Apple Mail (2.3445.104.11)
X-HE-SMSGID: 1hybpT-0003Na-0J
Archived-At: <>
Subject: Re: [secdir] [rmcat] Secdir last call review of draft-ietf-rmcat-nada-11
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 16 Aug 2019 12:59:47 -0000

Hi Sean, hi Gorry,

Thanks for your review and feedback. Please see below.

> On 13. Aug 2019, at 09:56, Gorry Fairhurst <> wrote:
> See  below:
> On 13/08/2019, 02:08, Sean Turner via Datatracker wrote:
>> Reviewer: Sean Turner
>> Review result: Has Nits
>> Hi! I'm no congestion control expert so nothing in the main body jumped out at
>> me.  I did take a little time to review some security considerations for other
>> congestion control RFCs and just wanted to make sure the same kind of
>> information is getting addressed.  I indicated the result of this review as
>> "has nits" because there is a pretty good chance I am just suggesting some
>> editorial tweaks.
>> The security considerations rightly points out that this mechanism is
>> susceptible to the same kind of attacks as TCP (e.g., hijack, replacement) and
>> what mitigations to use (i.e., integrity protection of the RTCP feedback
>> messages).  But, what is missing is what happens if these attacks succeed: DoS
>> or in the worst case congestion collapse?  So, maybe instead of:
>>    As such, it is vulnerable to attacks where feedback
>>    messages are hijacked, replaces, or intentionally injected with
>>    misleading information, similar to those that can affect TCP.
>> Maybe:
>>    As such, it is vulnerable to attacks where feedback
>>    messages are hijacked, replaces, or intentionally injected with
>>    misleading information resulting in denial of service, similar
>>    to those that can affect TCP.
>> Also, unless I've completely misread this paragraph it seems like you are
>> talking about two things: 1) it's just like TCP, and 2) "The modification of
>> sending rate ...".  So, maybe split the paragraph along those lines.

I think this is actually based on text that we used for scream (now RFC8298) which is another congestion control developed in rmcat. I think we refined that text also based on a SEC (or GEN?) review comment at that time and people were at the end satisfied with it. However, your proposed change above could surely be integrated and I leave it to the authors if they want to refine the text further. 

>> Further questions:
>> 1. Are there any concerns related to a greedy receiver who wants to gobble up
>> more than its fair share of network bandwidth?

This is a very general point for all congestion control schemes, and for rmcat it is also discussed in draft-ietf-rmcat-cc-requirements (which is sitting in the RFC editor queue for a while as part of the 238 cluster…). I personally don’t see too much value in discussing this here once again (given the generic nature of the problem and very unclear definition of “fair”).

>> 2. Seems like maybe you also need to refer to the RTP/RTCP security
>> considerations because it seems like security primarily needs to be considered
>> in the context of a specific transport protocol and its authentication
>> mechanisms.

Hm, also not sure here because, while this congestion control scheme is developed for RTP/RTCP, it's defined in a more generic way and there are actually no real dependencies on a specific protocol.

>> Cheers,
>> spt
> I also think that text (or similar) would also be valuable in the security considerations section.

Gorry: Can you further explain what part this comment related to?


> Gorry