> On 24 Jan 2019, at 19:23, Yoav Nir <ynir.ietf@xxxxxxxxx> wrote:
>
> Reviewer: Yoav Nir
> Review result: Has Nits
>
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG. Document
> editors and WG chairs should treat these comments just like any other last call
> comments.
>
> To quote from the abstract, the document "describes two reference video traffic
> models for evaluating RTP congestion control algorithms". Indeed it does not
> describe any protocol or algorithm that is going to get deployed on the
> Internet, but rather a model for evaluating congestion control algorithms before
> they are standardized or deployed. As such, I would not expect it to have much
> to say on security, either good or bad.
>
> It is conceivable that a congestion control algorithm would be exploitable by
> an attacker. For example, some pattern of traffic might trigger such an
> algorithm to block or slow down traffic for a victim. It may be a good idea to
> evaluate whether such algorithms are conducive to such attacks. But speculation
> such as this is not related to the draft. This draft is about evaluating
> congestion control algorithms for their effect on video quality and frame rates.
>
> So what is my nit with this? Why does the Security Considerations section
> contain what it does?
>
>    It is important to evaluate RTP-based congestion control schemes
>    using realistic traffic patterns, so as to ensure stable operations
>    of the network. Therefore, it is RECOMMENDED that candidate
>    RTP-based congestion control algorithms be tested using the video traffic
>    models presented in this draft before wide deployment over the
>    Internet.
>
> This is interesting, but I don't think it has much to do with security. IMO it
> would be enough to say that this document introduces models for evaluation and
> doesn't have any security implications. The existing text should go somewhere
> else.
To my mind, the security implication is that the algorithm be tested to demonstrate that it doesn’t cause denial-of-service when operating with realistic traffic. This could be, as you note above, that it disrupts the video application by forcing the sending rate to zero; but it’s also important to check that it doesn’t send overly quickly and congest the network, so denying service to other flows.

-- 
Colin Perkins
https://csperkins.org/