[AVT] Re: Comments on draft-ietf-avt-rtp-vc1-02

Magnus Westerlund <magnus.westerlund@ericsson.com> Fri, 09 December 2005 09:50 UTC

To: Anders Klemets <Anders.Klemets@microsoft.com>
Cc: IETF AVT WG <avt@ietf.org>

Anders Klemets wrote:
>>>>T1. Will it be possible to carry any type of active content (like 
>>>>scripts or Java code) in the VC-1 user data? If that is the case there
> 
>>Yes, sorry, I meant RFC 3640 that contains such paragraphs in its 
>>security consideration section.
> 
> 
> I can understand that RFC 3640 needs to discuss security, because
> MPEG-J, BIFS, etc., are part of the MPEG-4 spec itself.  The VC-1
> user-data, on the other hand, is registered separately by SMPTE.  
> 
> VC-1 user-data is actually identical to the MPEG-2 user-data.  And RFC
> 2250 (MPEG-2 RTP Payload Format) doesn't mention user-data as a security
> risk.

Okay, does MPEG-2 user data allow scripting or other active content? If 
that is the case I would like to have a warning about that also, similar 
to the last paragraph in section 5 of RFC 3640.

That RFC 2250 lacks this is of course not good, but hardly surprising. 
We have gathered quite a lot of experience since 1998. Also we are raising 
the bar for our standards track RTP payload formats in all regards.

> 
> In my opinion, putting a warning about user-data is a little bit like
> putting a warning against downloading binaries in the HTTP spec, or
> putting a warning about telemarketer scams in the SIP spec. :-)
> 
> Nevertheless, I have written the following paragraph, to be added to the
> VC-1 security considerations section:
> 
> "VC-1 bit streams can carry user-data, such as closed captioning
> information and content meta-data.  VC-1 requires identifiers for
> user-data to be registered with SMPTE.  Depending on the type of
> user-data, it might be possible for a sender to generate user-data in a
> non-compliant manner to crash the receiver or make it temporarily
> unavailable.  Senders that transport VC-1 bit streams SHOULD ensure that
> the user-data is compliant with the specification registered with SMPTE
> (see Annex F of [1].)  Receivers should prevent malfunction in case of
> non-compliant user-data."
> 
> Does it look OK?

I think you should use upper case SHOULD also in the last sentence. In 
addition we need to know if MPEG2 user data may contain active content 
to determine if that also needs to be included.

Cheers

Magnus Westerlund

Multimedia Technologies, Ericsson Research EAB/TVA/A
----------------------------------------------------------------------
Ericsson AB                | Phone +46 8 4048287
Torshamsgatan 23           | Fax   +46 8 7575550
S-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
