Re: [AVTCORE] Last Call: <draft-ietf-avt-srtp-not-mandatory-14.txt> (Securing the RTP Protocol Framework: Why RTP Does Not Mandate a Single Media Security Solution) to Informational RFC

Pete Resnick <> Tue, 10 December 2013 00:39 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 7329B1AD944; Mon, 9 Dec 2013 16:39:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id sbcAdi1G-sF2; Mon, 9 Dec 2013 16:39:33 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 7D0A61ADFD5; Mon, 9 Dec 2013 16:39:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;;; q=dns/txt; s=qcdkim; t=1386635968; x=1418171968; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=ZHT2bwQh+30yhxmPc0WPi0ULjL2KgSRTaYBRnT9AbvM=; b=LCKOiLYkeGqCWt9zRhaZBUIcLFs3VxQxsyIdAxa9QPTT8PAPpj4jV2WQ eyTpY2BfrZOe+VQT4ziEItS2FGLrOi77vUVIOKYzSBJNqUN0nTy0gshb+ KIbLwZX8WZPv9ePECOmWpU/GXS6i8fyvtmbMQyG3B7Wqp9GVhc6tDhPQD w=;
X-IronPort-AV: E=McAfee;i="5400,1158,7284"; a="56307895"
Received: from ([]) by with ESMTP; 09 Dec 2013 16:39:28 -0800
X-IronPort-AV: E=McAfee;i="5400,1158,7284"; a="23827385"
Received: from ([]) by with ESMTP/TLS/RC4-SHA; 09 Dec 2013 16:39:27 -0800
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Mon, 9 Dec 2013 16:39:26 -0800
Message-ID: <>
Date: Mon, 9 Dec 2013 18:39:24 -0600
From: Pete Resnick <>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.7; en-US; rv: Gecko/20100630 Eudora/3.0.4
MIME-Version: 1.0
To: "Cullen Jennings (fluffy)" <>
References: <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
Content-Transfer-Encoding: 7bit
X-Originating-IP: []
Cc: Colin Perkins <>, " WG" <>, "" <>
Subject: Re: [AVTCORE] Last Call: <draft-ietf-avt-srtp-not-mandatory-14.txt> (Securing the RTP Protocol Framework: Why RTP Does Not Mandate a Single Media Security Solution) to Informational RFC
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 10 Dec 2013 00:39:35 -0000

On 12/9/13 4:24 PM, Cullen Jennings (fluffy) wrote:
> My read of the consensus at last plenary was that the IETF had decided it was going to stop doing that.
> [...]
> All I am asking is the IESG be consistent about how they judge consensus on this and if they decide to publish it, provide some guidance on when they think it is fine to not have security and when they think it is not fine.

A poorly constructed hum taken by the IAB Chair at an IAB plenary 
meeting does not constitute IETF consensus. The IESG has not judged 
consensus on the topics brought up at that plenary.

You will note that there is an Internet Draft 
(draft-farrell-perpass-attack) currently in Last Call for Best Current 
Practice that is being discussed on the IETF list. Some of the 
discussion indicates that the IETF does not have consensus on all of the 
issues. That's being worked through now. The outcome of that Last Call 
*will* be a case of the IESG judging consensus on those topics.

If you have an opinion on the draft in Last Call, how it will affect the 
judgment on the AVT draft, and whether it needs clarification in order 
to be useful, I'm sure your input would be appreciated.


Pete Resnick<>
Qualcomm Technologies, Inc. - +1 (858)651-4478