[AVT] Re: IESG Review of draft-ietf-avt-mpeg4-simple-07.txt - Discuss Comments
jan.vandermeer@philips.com Mon, 07 July 2003 08:05 UTC
Received: from optimus.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA16804 for <avt-archive@odin.ietf.org>; Mon, 7 Jul 2003 04:05:45 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19ZQzs-0004jQ-5h for avt-archive@odin.ietf.org; Mon, 07 Jul 2003 04:05:17 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id h6785GxT018189 for avt-archive@odin.ietf.org; Mon, 7 Jul 2003 04:05:16 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19ZQze-0004ik-DA; Mon, 07 Jul 2003 04:05:02 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 19YTjD-0003OQ-Mv for avt@optimus.ietf.org; Fri, 04 Jul 2003 12:48:08 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA01850 for <avt@ietf.org>; Fri, 4 Jul 2003 12:48:04 -0400 (EDT)
From: jan.vandermeer@philips.com
Received: from ietf-mx ([132.151.6.1]) by ietf-mx with esmtp (Exim 4.12) id 19YTjB-0007nJ-00 for avt@ietf.org; Fri, 04 Jul 2003 12:48:05 -0400
Received: from gw-nl5.philips.com ([212.153.235.109] ident=postfix) by ietf-mx with esmtp (Exim 4.12) id 19YTjA-0007nG-00 for avt@ietf.org; Fri, 04 Jul 2003 12:48:04 -0400
Received: from smtpscan-nl3.philips.com (smtpscan-nl3.philips.com [130.139.36.23]) by gw-nl5.philips.com (Postfix) with ESMTP id CAF3955A01; Fri, 4 Jul 2003 18:48:03 +0200 (MET DST)
Received: from smtprelay-nl2.philips.com (localhost [127.0.0.1]) by smtpscan-nl3.philips.com (8.9.3-p1/8.8.5-1.2.2m-19990317) with ESMTP id SAA29236; Fri, 4 Jul 2003 18:48:03 +0200 (MET DST)
Received: from ehv501soh.diamond.philips.com (e3soh01.diamond.philips.com [130.139.54.47]) by smtprelay-nl2.philips.com (8.9.3-p1/8.8.5-1.2.2m-19990317) with ESMTP id SAA16414; Fri, 4 Jul 2003 18:48:02 +0200 (MEST)
To: mankin@psg.com
Cc: avt@ietf.org, casner@acm.org, csp@csperkins.org, dmackie@apple.com, magnus.westerlund@ericsson.com, mankin@psg.com, ned.freed@mrochek.com, philippe.gentric@philips.com, singer@apple.com, smb@research.att.com, viswanathan.swaminathan@sun.com
MIME-Version: 1.0
X-Mailer: Lotus Notes Release 5.0.9a January 7, 2002
Message-ID: <OF53CC1598.4956D68D-ONC1256D59.004D3199-C1256D59.005C4702@diamond.philips.com>
Date: Fri, 04 Jul 2003 18:46:34 +0200
X-MIMETrack: Serialize by Router on ehv501soh/H/SERVER/PHILIPS(Release 5.0.11 |July 24, 2002) at 04/07/2003 18:46:41, Serialize complete at 04/07/2003 18:46:41
Content-Type: multipart/alternative; boundary="=_alternative 005C46FCC1256D59_="
Subject: [AVT] Re: IESG Review of draft-ietf-avt-mpeg4-simple-07.txt - Discuss Comments
Sender: avt-admin@ietf.org
Errors-To: avt-admin@ietf.org
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Id: Audio/Video Transport Working Group <avt.ietf.org>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
Dear Allison, all, Thanks for the IESG comments. In response I would like to suggest the following: 1) Comment: It is strange to have more than one section labeled "Introduction." Please pick a new label for section 2.1. My proposal is to label 2.1 as "Signaling by MIME format parameters" 2) Where is the security model defined for ECMAScript in this context? (Problems with the model have been part of the Javascript security problem for Web browsers.) MPEG-4 defines some important constraints on the use of ECMA scripts in MPEG-4. An annex to the MPEG-4 system spec describes the differences between "regular" ECMA scipts and "MPEG-4 scripts". As far as I understand these constraints do not allow dangerous ECMA script constructs, which means there is no need for an ECMA script security model in this context. Below I attached the MPEG-4 annex that describes the differences. I suggest to resolve this as follows: a) replace in section 5 "security considerations" all current references to ECMAScript by MPEG-4 script, and b) add to the fifth paragraph (starting with "In ISO/IEC 14496-1 a security model is defined for ...") the following trailing sentence "Note: MPEG-4 scripts are based on ECMA scripts, but there is no need for an ECMA script security model, as the use of insecure ECMA script constructs is impossible in MPEG-4 scripts." 3) 2.4: Why is this form of application-level fragmentation better than IP fragmentation? This is because of error resilience. If IP fragmentation occurs without application-level fragmentation, then all data of the entire Access Unit gets lost when one such fragmented IP packet is lost. When application-level fragmentation is used, and one RTP packet with an AU fragment gets lost, then the received RTP packet(s) with the other AU fragments can still be decoded. I suggest to remove "so as to avoid IP layer fragmentation" from the first sentence of section 2.4, and to add the following after the first sentence: "Hence when an IP packet is lost after IP-level fragmentation, only an AU fragment may get lost instead of the entire AU". Any comments very welcome. Best regards, Jan van der Meer *******begin of MPEG-4 system annex******* MPEG-4 Scripts Have a Rigid Representation MPEG-4 scripts differ slightly from ECMA scripts. The most important difference is that MPEG-4 scripts are not represented textually, but are transmitted as a parse tree representation. This means that only constructs that can be represented by the MPEG-4 parse grammar can be encoded and transmitted. Not all ECMA script constructs can be represented in MPEG-4 scripts. The differences between ECMA scripts and scripts that can be represented in MPEG-4 are given below. Keywords MPEG-4 scripts cannot utilize the following keywords: catch delete do finally in instanceof throw try typeof void with . This means that do ? while loops and for ? in loops are not possible. Relational operators The relational operators "===" and "!==" cannot be included in MPEG-4 Scripts. Labeled statements In MPEG-4 scripts it is impossible to label statements and to break or continue to labeled statements. Switch statement restriction MPEG-4 scripts with switch statements can only take numerical case expressions and always must have at least one case statement. In particular this means that switch { case (x+1): ?. } is not possible, while Switch { case 1: ?. } is okay. Functions, not programs The MPEG-4 event driven script model allows only functions to be called in response to events. Expressions Statements that include statement blocks, such as for are represented in the parse tree as having an empty statement block, where as in ECMA script they can omit this block. Functionally, the statements behave identically. For example, the expression: for ( <expr>; <expr>; <expr>) must be represented as for ( <expr>; <expr>; <expr>) {} Array and Object Literals Array and object literals of the form [value1, value2, .., valueN] and {property1:value1, property2: value2, .. propertyN:valueN} cannot be used in MPEG-4 scripts. *******end of MPEG-4 system annex******* Allison Mankin <mankin@psg.com> 2003-06-27 06:19 AM Please respond to mankin To: Jan vanderMeer/EHV/CE/PHILIPS@EMEA3 dmackie@apple.com viswanathan.swaminathan@sun.com singer@apple.com Philippe Gentric/MP4-SUR/CE/PHILIPS@EMEA1 cc: casner@acm.org magnus.westerlund@ericsson.com csp@csperkins.org smb@research.att.com ned.freed@mrochek.com mankin@psg.com avt@ietf.org Subject: IESG Review of draft-ietf-avt-mpeg4-simple-07.txt - Discuss Comments Classification: The IESG reviewed draft-ietf-avt-mpeg4-simple-07.txt and had a few concerns that should be addressed before the draft can advance. Editorially: Comment: It is strange to have more than one section labeled "Introduction." Please pick a new label for section 2.1. Steve Bellovin and Ned Freed both request that a reference be given in the Security Considerations for security model for ECMAscript. Here is Steve's Discuss comment: Where is the security model defined for ECMAScript in this context? (Problems with the model have been part of the Javascript security problem for Web browsers.) Steve also asked: 2.4: Why is this form of application-level fragmentation better than IP fragmentation? Please discuss the issues in email and we'll see if the fixes to the draft can be done as notes rather than a revised i-d, to be quicker. Allison
- [AVT] IESG Review of draft-ietf-avt-mpeg4-simple-… Allison Mankin
- [AVT] Re: IESG Review of draft-ietf-avt-mpeg4-sim… jan.vandermeer
- [AVT] Re: IESG Review of draft-ietf-avt-mpeg4-sim… John Lazzaro
- Re: [AVT] Re: IESG Review of draft-ietf-avt-mpeg4… jan.vandermeer