Last Call Review of draft-ietf-payload-flexible-fec-scheme-16
review-ietf-payload-flexible-fec-scheme-16-secdir-lc-perlman-2019-02-14-00

Request Review of draft-ietf-payload-flexible-fec-scheme
Requested rev. no specific revision (document currently at 20)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2019-02-01
Requested 2019-01-18
Authors Mo Zanaty, Varun Singh, Ali Begen, Giridhar Mandyam
Draft last updated 2019-02-14
Completed reviews Secdir Last Call review of -16 by Radia Perlman (diff)
Genart Last Call review of -16 by Meral Shirazipour (diff)
Tsvart Last Call review of -16 by Bernard Aboba (diff)
Secdir Telechat review of -17 by Radia Perlman (diff)
Assignment Reviewer Radia Perlman
State Completed
Review review-ietf-payload-flexible-fec-scheme-16-secdir-lc-perlman-2019-02-14
Reviewed rev. 16 (document currently at 20)
Review result Has Issues
Review completed: 2019-02-14

Review
review-ietf-payload-flexible-fec-scheme-16-secdir-lc-perlman-2019-02-14

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This specification defines a format for sending Forward Error Correction
packets to allow occasional lost packets in a Real Time Protocol (RTP)
stream to be recovered without retransmission. The format for these packets
includes XORs of a series of packets which allows any one of the series to
be recovered if the repair packet is received. To support the case of more
than a single data packet being lost, it allows both horizontal and
vertical parity to be computed over an n*m array of packets. This is
important because the most frequent cause of packet loss is congestion, and
congestion frequently loses multiple packets in succession.

There are more mathematically sophisticated algorithms that would permit
recovery of more general sets of lost packets, but they would require more
computation to recover and more debate to specify. Most standard FEC
algorithms assume that a certain number of bits received are incorrect,
where this algorithm assumes that packets are never received incorrectly
but are sometimes not received at all. This algorithm is not designed to
recover from security attacks or more complex failures.

Security Considerations mentions multiple ways that an RTP stream can be
protected. I would quibble that the list includes TLS, which is probably
not appropriate. TLS requires that all data packets be received and
requests retransmission should packets be lost. That would remove any
benefit from having FEC packets. Use of DTLS would be an appropriate
protocol to use, however.

Other thoughts:

Given that most packet loss is caused by congestion, and very frequently
congestion loses multiple packets from a stream, I'm surprised that sending
repair packets based on an adjacent sequence of packets is effective
(especially since sending those packets will increase congestion losses).
Column based protection is more likely to be effective, but only if the
rows are long enough that a sequence of packets lost due to congestion
would all fit in a single row. On the other hand, lost packet recovery can
take up to the amount of time to receive n*m packets, so that value must be
small enough that the recovered packets are still useful given that this is
a real time protocol. It would be useful to publish information on losses
experienced in actual use in order to help designers tune their parameters.

Radia