Re: [AVT] Re: Comments on draft-ietf-avt-rtp-vc1-02

stewe@stewe.org Fri, 09 December 2005 12:40 UTC

From: stewe@stewe.org
Message-ID: <58273.192.100.116.142.1134131857.squirrel@webmail.stewe.org>
In-Reply-To: <439951D5.3020502@ericsson.com>
References: <9ED672B9D1A64C489291BE0FB822217D0D79B058@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com> <439951D5.3020502@ericsson.com>
Date: Fri, 09 Dec 2005 13:37:37 +0100
Subject: Re: [AVT] Re: Comments on draft-ietf-avt-rtp-vc1-02
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
Cc: Anders Klemets <anders.klemets@microsoft.com>, IETF AVT WG <avt@ietf.org>

MPEG-2 user data can contain any byte stream, and it's entirely up to the
receiver what to do with it (i.e. throwing it away, executing it, ...).
Active content is allowed in MPEG-2 user data.

I'm unaware of any use of MPEG-2 user data in a way that would warrant the
term "active content", though.  User data has been used for mechanisms
such as closed captioning, key transmission, and non-compliant vendor
specific standard enhancements.  The most important application in use (as
far as I know) is operator differentiation: a box purchased from operator
x will not work in the network of operator y.

Regards,
Stephan


> Anders Klemets wrote:
>>>>>T1. Will it be possible to carry any type of active content (like
>>>>>scripts or Java code) in the VC-1 user data? If that is the case
>>
>> there
>>
>>>Yes, sorry, I meant RFC 3640 that contains such paragraphs in its
>>>security consideration section.
>>
>>
>> I can understand that RFC 3640 needs to discuss security, because
>> MPEG-J, BIFS, etc., are part of the MPEG-4 spec itself.  The VC-1
>> user-data, on the other hand, is registered separately by SMPTE.
>>
>> VC-1 user-data is actually identical to the MPEG-2 user-data.  And RFC
>> 2250 (MPEG-2 RTP Payload Format) doesn't mention user-data as a security
>> risk.
>
> Okay, does MPEG-2 user data allow scripting or other active content? If
> that is the case I would like to have a warning about that also, similar
> to the last paragraph in section 5 of RFC 3640.
>
> That RFC 2250 lacks this is of course not good, but hardly surprising.
> We have gathered quite a lot of experience since 1998. Also we are raising
> the bar for our standard tracks RTP payload formats in all regards.
>
>>
>> In my opinion, putting a warning about user-data is a little bit like
>> putting a warning against downloading binaries in the HTTP spec, or
>> putting a warning about telemarketer scams in the SIP spec. :-)
>>
>> Nevertheless, I have written the following paragraph, to be added to the
>> VC-1 security considerations section:
>>
>> "VC-1 bit streams can carry user-data, such as closed captioning
>> information and content meta-data.  VC-1 requires identifiers for
>> user-data to be registered with SMPTE.  Depending on the type of
>> user-data, it might be possible for a sender to generate user-data in a
>> non-compliant manner to crash the receiver or make it temporarily
>> unavailable.  Senders that transport VC-1 bit streams SHOULD ensure that
>> the user-data is compliant with the specification registered with SMPTE
>> (see Annex F of [1].)  Receivers should prevent malfunction in case of
>> non-compliant user-data."
>>
>> Does it look OK?
>
> I think you should use upper case SHOULD also in the last sentence. In
> addition we need to know if MPEG2 user data may contain active content
> to determine if also that needs to be included.
>
> Cheers
>
> Magnus Westerlund
>
> Multimedia Technologies, Ericsson Research EAB/TVA/A
> ----------------------------------------------------------------------
> Ericsson AB                | Phone +46 8 4048287
> Torshamsgatan 23           | Fax   +46 8 7575550
> S-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
>
> _______________________________________________
> Audio/Video Transport Working Group
> avt@ietf.org
> https://www1.ietf.org/mailman/listinfo/avt
>


