[AVT] Re: IESG Review of draft-ietf-avt-mpeg4-simple-07.txt - Discuss Comments
John Lazzaro <lazzaro@CS.Berkeley.EDU> Mon, 07 July 2003 19:34 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA10760 for <avt-archive@odin.ietf.org>; Mon, 7 Jul 2003 15:34:31 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19ZbkR-0006z3-5B for avt-archive@odin.ietf.org; Mon, 07 Jul 2003 15:34:03 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h67JY3dA026834 for avt-archive@odin.ietf.org; Mon, 7 Jul 2003 15:34:03 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19ZbkQ-0006yC-9D; Mon, 07 Jul 2003 15:34:02 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19Zbjw-0006x2-7B for avt@optimus.ietf.org; Mon, 07 Jul 2003 15:33:32 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA10714 for <avt@ietf.org>; Mon, 7 Jul 2003 15:33:30 -0400 (EDT)
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19Zbju-0001UI-00 for avt@ietf.org; Mon, 07 Jul 2003 15:33:30 -0400
Received: from snap.cs.berkeley.edu ([128.32.34.209] ident=root) by ietf-mx with esmtp (Exim 4.12) id 19Zbju-0001UF-00 for avt@ietf.org; Mon, 07 Jul 2003 15:33:30 -0400
Received: (from lazzaro@localhost) by snap.CS.Berkeley.EDU (8.11.6/8.9.3-ZUUL) id h67JX5t21340 for avt@ietf.org; Mon, 7 Jul 2003 12:33:05 -0700
Date: Mon, 07 Jul 2003 12:33:05 -0700
From: John Lazzaro <lazzaro@CS.Berkeley.EDU>
Message-Id: <200307071933.h67JX5t21340@snap.CS.Berkeley.EDU>
To: avt@ietf.org
Subject: [AVT] Re: IESG Review of draft-ietf-avt-mpeg4-simple-07.txt - Discuss Comments
Sender: avt-admin@ietf.org
Errors-To: avt-admin@ietf.org
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Id: Audio/Video Transport Working Group <avt.ietf.org>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
> jan.vandermeer@philips.com writes: > > As far as I understand these constraints do not allow dangerous ECMA > script constructs, which means there is no need for an ECMA script > security model in this context. Below I attached the MPEG-4 annex that > describes the differences. Do "MPEG-4 scripts" give the script control over audio volume of the presentation, in a way that could override the levels manually set by the human listening to the decoder? A rogue program that blows out the speakers of the victim's terminal seems like a security risk of some sort, although not of the classical kind since data and CPU and network are not compromised ... if this is an actual risk, might be worth warning implementors in the Security Considerations section ... ------------------------------------------------------------------------- John Lazzaro -- Research Specialist -- CS Division -- EECS -- UC Berkeley lazzaro [at] cs [dot] berkeley [dot] edu www.cs.berkeley.edu/~lazzaro ------------------------------------------------------------------------- _______________________________________________ Audio/Video Transport Working Group avt@ietf.org https://www1.ietf.org/mailman/listinfo/avt
- [AVT] IESG Review of draft-ietf-avt-mpeg4-simple-… Allison Mankin
- [AVT] Re: IESG Review of draft-ietf-avt-mpeg4-sim… jan.vandermeer
- [AVT] Re: IESG Review of draft-ietf-avt-mpeg4-sim… John Lazzaro
- Re: [AVT] Re: IESG Review of draft-ietf-avt-mpeg4… jan.vandermeer