[Cellar] Secdir last call review of draft-ietf-cellar-ffv1-16

Liang Xia via Datatracker <noreply@ietf.org> Wed, 22 July 2020 00:30 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: cellar@ietf.org
Delivered-To: cellar@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id ABE323A08DC; Tue, 21 Jul 2020 17:30:25 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Liang Xia via Datatracker <noreply@ietf.org>
To: <secdir@ietf.org>
Cc: cellar@ietf.org, last-call@ietf.org, draft-ietf-cellar-ffv1.all@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 7.9.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <159537782564.14553.11293321898516651562@ietfa.amsl.com>
Reply-To: Liang Xia <frank.xialiang@huawei.com>
Date: Tue, 21 Jul 2020 17:30:25 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/cellar/07YeBOkwbjD8Z8WQNwvJGj920pY>
Subject: [Cellar] Secdir last call review of draft-ietf-cellar-ffv1-16
X-BeenThere: cellar@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Codec Encoding for LossLess Archiving and Realtime transmission <cellar.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cellar>, <mailto:cellar-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cellar/>
List-Post: <mailto:cellar@ietf.org>
List-Help: <mailto:cellar-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cellar>, <mailto:cellar-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Jul 2020 00:30:26 -0000

Reviewer: Liang Xia
Review result: Ready

I have carried out the SecDir review for the -02 version, and all my nit
concerns are addressed in current -16 version.

But about my one question, I have not seen any response or actions: "Issues for
clarification: In Security Considerations, besides the DoS attacks brought by
the malicious payloads, is there any other kinds of attack possibly? For
example, virus or worm are hidden in the malicious payloads to attack the
system for more damages? Does it make sense and what's the consideration?"

This time, is there any clarification?
Thanks!