[AVTCORE] draft-ietf-avtcore-rtp-security-options-06 review

"Peck, Michael A" <mpeck@mitre.org> Wed, 02 October 2013 15:23 UTC

From: "Peck, Michael A" <mpeck@mitre.org>
To: "avt@ietf.org" <avt@ietf.org>
Date: Wed, 2 Oct 2013 15:22:35 +0000


I reviewed draft-ietf-avtcore-rtp-security-options-06. It looks good; I have a few minor comments.

Section 3.1:
I suggest removing the phrase "…and NSA Suite B included cryptographic transforms." from the "AES-192 and AES-256:" paragraph.
The RFC6188 crypto suites are technically not Suite B compliant because they use HMAC-SHA1 for authentication, and SHA-1 is not part of Suite B.

Section 3.3:
Another downside of IPsec perhaps worth pointing out is that if it's relied upon instead of a higher layer mechanism, information about the authenticated identities of the endpoints, or an indication of whether encryption is even in place at all, is generally not available at the application layer to present through the user interface.

Editorial comments:

"so it worth" -> "so it is worth"

"such the fact" -> "such as the fact"