Skip to main content

Last Call Review of draft-ietf-rmcat-video-traffic-model-06

Request Review of draft-ietf-rmcat-video-traffic-model
Requested revision No specific revision (document currently at 07)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2019-01-28
Requested 2019-01-14
Authors Xiaoqing Zhu , Sergio Mena de la Cruz , Zaheduzzaman Sarker
I-D last updated 2019-01-24
Completed reviews Genart Last Call review of -06 by Ines Robles (diff)
Secdir Last Call review of -06 by Yoav Nir (diff)
Tsvart Telechat review of -06 by Tommy Pauly (diff)
Assignment Reviewer Yoav Nir
State Completed
Request Last Call review on draft-ietf-rmcat-video-traffic-model by Security Area Directorate Assigned
Reviewed revision 06 (document currently at 07)
Result Has nits
Completed 2019-01-24
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  Document
editors and WG chairs should treat these comments just like any other last call

To quote from the abstract, the document "describes two reference video traffic
models for evaluating RTP congestion control algorithms". Indeed it does not
describe any protocol or algorithm that is going to get deployed on the
Internet, but rather a model for evaluating congestion control algorithm before
they are standardized or deployed. As such, I would not expect it to have much
to say on security, either good or bad.

It is conceivable that a congestion control algorithm would be exploitable by
an attacker. For example, some pattern of traffic might trigger such an
algorithm to block or slow down traffic for a victim. It may be a good idea to
evaluate whether such algorithms are conducive to such attacks. But speculation
such as this are not related to the draft. This draft is about evaluating
congestion control algorithms for their effect on video quality and frame rates.

So what is my nit with this?  Why does the Security Considerations section
contains what it does?

   It is important to evaluate RTP-based congestion control schemes
   using realistic traffic patterns, so as to ensure stable operations
   of the network.  Therefore, it is RECOMMENDED that candidate RTP-
   based congestion control algorithms be tested using the video traffic
   models presented in this draft before wide deployment over the

This is interesting, but I don't think it has much to do with security. IMO it
would be enough to say that this document introduces models for evaluation and
doesn't have any security implications.  The existing text should go somewhere