Last Call Review of draft-ietf-rmcat-video-traffic-model-06
review-ietf-rmcat-video-traffic-model-06-secdir-lc-nir-2019-01-24-00

Request
  Review of: draft-ietf-rmcat-video-traffic-model
  Requested revision: No specific revision (document currently at 07)
  Type: Last Call Review
  Team: Security Area Directorate (secdir)
  Deadline: 2019-01-28
  Requested: 2019-01-14
  Authors: Xiaoqing Zhu, Sergio Mena de la Cruz, Zaheduzzaman Sarker
  I-D last updated: 2019-01-24
  Completed reviews:
    Genart Last Call review of -06 by Ines Robles
    Secdir Last Call review of -06 by Yoav Nir
    Tsvart Telechat review of -06 by Tommy Pauly

Assignment
  Reviewer: Yoav Nir
  State: Completed
  Request: Last Call review on draft-ietf-rmcat-video-traffic-model by Security Area Directorate (Assigned)
  Reviewed revision: 06 (document currently at 07)
  Result: Has nits
  Completed: 2019-01-24

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  Document
editors and WG chairs should treat these comments just like any other last call
comments.

To quote from the abstract, the document "describes two reference video traffic
models for evaluating RTP congestion control algorithms". Indeed it does not
describe any protocol or algorithm that is going to get deployed on the
Internet, but rather a model for evaluating congestion control algorithms before
they are standardized or deployed. As such, I would not expect it to have much
to say on security, either good or bad.

It is conceivable that a congestion control algorithm would be exploitable by
an attacker. For example, some pattern of traffic might trigger such an
algorithm to block or slow down traffic for a victim. It may be a good idea to
evaluate whether such algorithms are conducive to such attacks. But speculation
such as this is not related to the draft. This draft is about evaluating
congestion control algorithms for their effect on video quality and frame rates.

So what is my nit with this?  Why does the Security Considerations section
contain what it does?

   It is important to evaluate RTP-based congestion control schemes
   using realistic traffic patterns, so as to ensure stable operations
   of the network.  Therefore, it is RECOMMENDED that candidate RTP-
   based congestion control algorithms be tested using the video traffic
   models presented in this draft before wide deployment over the
   Internet.

This is interesting, but I don't think it has much to do with security. IMO it
would be enough to say that this document introduces models for evaluation and
doesn't have any security implications.  The existing text should go somewhere
else.