Last Call Review of draft-ietf-rmcat-wireless-tests-08
review-ietf-rmcat-wireless-tests-08-secdir-lc-orman-2020-01-23-00
Request | Review of | draft-ietf-rmcat-wireless-tests |
---|---|---|
Requested revision | No specific revision (document currently at 11) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2020-01-21 | |
Requested | 2020-01-07 | |
Authors | Zaheduzzaman Sarker , Xiaoqing Zhu , Jiantao Fu | |
I-D last updated | 2020-01-23 | |
Completed reviews |
Secdir Last Call review of -08
by Hilarie Orman
(diff)
Genart Last Call review of -08 by Gyan Mishra (diff) Opsdir Last Call review of -08 by Fred Baker (diff) |
|
Assignment | Reviewer | Hilarie Orman |
State | Completed | |
Request | Last Call review on draft-ietf-rmcat-wireless-tests by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/-x7K00OlaQGT66AgPi-hXm1I-sk | |
Reviewed revision | 08 (document currently at 11) | |
Result | Has issues | |
Completed | 2020-01-20 |
review-ietf-rmcat-wireless-tests-08-secdir-lc-orman-2020-01-23-00
Security review of Evaluation Test Cases for Interactive Real-Time Media over Wireless Networks draft-ietf-rmcat-wireless-tests-08 Do not be alarmed. I generated this review of this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written with the intent of improving security requirements and considerations in IETF drafts. Comments not addressed in last call may be included in AD reviews during the IESG review. Document editors and WG chairs should treat these comments just like any other last call comments. The focus of this document is the definition of test cases that can be used evaluate congestion control algorithms for cellular and Wi-Fi networks. If the testing is done on isolated testbed networks, there are are few, if any, security considerations. The Security Considerations section mentions safeguards to avoid "congestion collapse of the Internet" and "leaking non-responsive traffic from unproven congestion avoidance techniques onto the open Internet". The former seems overly general (shouldn't all IETF protocols strive to avoid breaking the Internet?), and I am not at all sure what the latter means. I would recommend that test setups use passwords and keys that are specific to the test environment, but that is a generic recommendation for all test environments. It is probably not needed in this document. Hilarie