[secdir] Secdir last call review of draft-ietf-rmcat-video-traffic-model-06

Yoav Nir <ynir.ietf@gmail.com> Thu, 24 January 2019 19:23 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
To: secdir@ietf.org
Cc: rmcat@ietf.org, draft-ietf-rmcat-video-traffic-model.all@ietf.org, ietf@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/xiNHnafMVYRdME3P_h3ro9YhNyw>

Reviewer: Yoav Nir
Review result: Has Nits

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  Document
editors and WG chairs should treat these comments just like any other last call
comments.

To quote from the abstract, the document "describes two reference video traffic
models for evaluating RTP congestion control algorithms". Indeed it does not
describe any protocol or algorithm that is going to get deployed on the
Internet, but rather a model for evaluating congestion control algorithms before
they are standardized or deployed. As such, I would not expect it to have much
to say on security, either good or bad.

It is conceivable that a congestion control algorithm would be exploitable by
an attacker. For example, some pattern of traffic might trigger such an
algorithm to block or slow down traffic for a victim. It may be a good idea to
evaluate whether such algorithms are conducive to such attacks. But speculation
such as this is not related to the draft. This draft is about evaluating
congestion control algorithms for their effect on video quality and frame rates.

So what is my nit with this?  Why does the Security Considerations section
contain what it does?

   It is important to evaluate RTP-based congestion control schemes
   using realistic traffic patterns, so as to ensure stable operations
   of the network.  Therefore, it is RECOMMENDED that candidate RTP-
   based congestion control algorithms be tested using the video traffic
   models presented in this draft before wide deployment over the
   Internet.

This is interesting, but I don't think it has much to do with security. IMO it
would be enough to say that this document introduces models for evaluation and
doesn't have any security implications.  The existing text should go somewhere
else.