Re: [Cellar] New Version Notification - draft-ietf-cellar-ffv1-18.txt

Dave Rice <dave@dericed.com> Fri, 30 October 2020 17:42 UTC

From: Dave Rice <dave@dericed.com>
Date: Fri, 30 Oct 2020 13:41:51 -0400
Cc: "draft-ietf-cellar-ffv1.chairs@ietf.org" <draft-ietf-cellar-ffv1.chairs@ietf.org>, "draft-ietf-cellar-ffv1@ietf.org" <draft-ietf-cellar-ffv1@ietf.org>, Codec Encoding for LossLess Archiving and Realtime transmission <cellar@ietf.org>, Barry Leiba <barryleiba@computer.org>
To: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>, Roman Danyliw <rdd@cert.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cellar/I4dRnxEzjBRTK7pWbbBAlnRVSD0>

Thank you, Roman,

> On Oct 21, 2020, at 2:03 PM, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> wrote:
> 
> Hi, Roman,
> 
> On Wed, Oct 21, 2020 at 12:38 PM Roman Danyliw <rdd@cert.org> wrote:
>> Hi!
>> (I can't find your response email to my ballot in my mail client despite it being in the archive, so apologies for making the new thread).
>> 
>> Thanks for the -18 which cleared most of the COMMENTs.  I updated my ballot.
>> 
>> In the spirit of clearing what I consider a straightforward DISCUSS, might I suggest:
>> 
>> OLD
>> 
>>   Implementations of the FFV1 codec need to take appropriate security
>>    considerations into account, as outlined in [RFC4732].  It is
>>    extremely important for the decoder to be robust against malicious
>>    payloads.  Malicious payloads MUST NOT cause the decoder to overrun
>>    its allocated memory or to take an excessive amount of resources to
>>    decode.  The same applies to the encoder, ... 
>> 
>> NEW
>> 
>> Implementations of the FFV1 codec need to take appropriate security considerations into account.  Those related to denial of service are outlined in Section 2.1 of [RFC4732].  It is extremely important for the decoder to be robust against malicious payloads.  Malicious payloads MUST NOT cause the decoder to overrun its allocated memory or to take an excessive amount of resources to decode.  An overrun in allocated memory could lead to arbitrary code execution by an attacker.  The same applies to the encoder, ...

The recommendation looks appropriate to me and clearer. I moved it to a pull request at https://github.com/FFmpeg/FFV1/pull/253 for the consideration of the other authors.

Kind Regards,
Dave Rice


>> Regards,
>> Roman
> 
> Thanks for this! and I am including the working group in my reply, so everyone will see it.
> 
> Best,
> 
> Spencer
>  
> 
>> -----Original Message-----
>> From: internet-drafts@ietf.org <internet-drafts@ietf.org>
>> Sent: Wednesday, October 7, 2020 12:52 PM
>> To: Michael Richardson <mcr+ietf@sandelman.ca>; superuser@gmail.com; barryleiba@computer.org; Roman Danyliw <rdd@cert.org>; Peter B. <pb@das-werkstatt.com>
>> Subject: New Version Notification - draft-ietf-cellar-ffv1-18.txt
>> 
>> 
>> A new version (-18) has been submitted for draft-ietf-cellar-ffv1:
>> https://www.ietf.org/id/draft-ietf-cellar-ffv1-18.txt
>> https://www.ietf.org/id/draft-ietf-cellar-ffv1-18.html
>> 
>> 
>> The IETF datatracker page for this Internet-Draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-cellar-ffv1/
>> 
>> Diff from previous version:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-cellar-ffv1-18
>> 
>> Please note that it may take a couple of minutes from the time of submission until the diff is available at tools.ietf.org.
>> 
>> IETF Secretariat.
>> 
>> 
>> _______________________________________________
>> Cellar mailing list
>> Cellar@ietf.org
>> https://www.ietf.org/mailman/listinfo/cellar
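The two decoder requirements in the security-considerations text quoted above (a malicious payload must not make the decoder overrun its allocated memory, and must not make it consume excessive resources) usually come down to one place in a codec: the point where header-declared dimensions are turned into an allocation. The following C program is an added illustration written for this page; it is not code from the FFV1 draft, from FFmpeg, or from the thread's authors. The 9-byte frame header it parses (width, height, bytes per sample) is a simplified, hypothetical layout and is not the FFV1 bitstream, and the MAX_DIM and MAX_FRAME_BYTES limits are assumed deployment values. It shows a naive size computation that wraps in 32-bit arithmetic beside a hardened one that range-checks the header, computes the product in 64 bits, and applies a resource cap before calling calloc.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified frame header used only for this example:
 * width (4 bytes, big-endian), height (4 bytes, big-endian),
 * bytes per sample (1 byte). This is NOT the FFV1 bitstream layout. */
#define HDR_LEN 9

/* Deployment limits an implementation picks for itself (assumed values). */
#define MAX_DIM         16384u                  /* per-axis pixel limit */
#define MAX_FRAME_BYTES (256u * 1024u * 1024u)  /* 256 MiB per frame    */

static uint32_t get_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Build a header from dimensions (used to construct the sample inputs). */
void make_hdr(uint32_t w, uint32_t h, uint8_t bps, uint8_t out[HDR_LEN]) {
    put_be32(out, w);
    put_be32(out + 4, h);
    out[8] = bps;
}

/* Unhardened: trusts the header. w*h*bps is computed in 32-bit unsigned
 * arithmetic, so a hostile header makes it wrap to a small number; the
 * decoder then allocates a tiny buffer and the pixel writes overrun it.
 * Returns the byte count it would allocate (0 on a truncated header). */
uint32_t naive_frame_bytes(const uint8_t *hdr, size_t len) {
    if (len < HDR_LEN) return 0;
    uint32_t w = get_be32(hdr), h = get_be32(hdr + 4), bps = hdr[8];
    return w * h * bps;            /* wraps modulo 2^32 */
}

/* Hardened: range-check every header-derived quantity, compute the
 * product in 64 bits so it cannot wrap, and enforce a resource cap
 * before any allocation. Returns the byte count (>0) or a negative code:
 * -1 truncated header, -2 bad dimensions, -3 bad sample size, -4 over cap. */
int64_t hardened_frame_bytes(const uint8_t *hdr, size_t len) {
    if (len < HDR_LEN) return -1;
    uint32_t w = get_be32(hdr), h = get_be32(hdr + 4), bps = hdr[8];
    if (w == 0 || h == 0 || w > MAX_DIM || h > MAX_DIM) return -2;
    if (bps != 1 && bps != 2) return -3;
    uint64_t n = (uint64_t)w * h * bps;   /* <= 2^14 * 2^14 * 2, no wrap */
    if (n > MAX_FRAME_BYTES) return -4;
    return (int64_t)n;
}

/* Wrappers that build the header from dimensions, so the vulnerable and
 * hardened paths can be compared on the same constructed input. */
uint32_t naive_from_dims(uint32_t w, uint32_t h, uint8_t bps) {
    uint8_t hdr[HDR_LEN];
    make_hdr(w, h, bps, hdr);
    return naive_frame_bytes(hdr, HDR_LEN);
}

int64_t hardened_from_dims(uint32_t w, uint32_t h, uint8_t bps) {
    uint8_t hdr[HDR_LEN];
    make_hdr(w, h, bps, hdr);
    return hardened_frame_bytes(hdr, HDR_LEN);
}

/* Allocation happens only after the hardened check accepted the header. */
uint8_t *alloc_frame(const uint8_t *hdr, size_t len) {
    int64_t n = hardened_frame_bytes(hdr, len);
    return n > 0 ? calloc((size_t)n, 1) : NULL;
}

int main(void) {
    /* Constructed inputs: a benign 1080p header, a header whose product
     * wraps in 32 bits, and a header that is in range but over the cap. */
    printf("1920x1080x1:   naive=%u hardened=%lld\n",
           naive_from_dims(1920, 1080, 1),
           (long long)hardened_from_dims(1920, 1080, 1));
    printf("65536x65537x1: naive=%u hardened=%lld\n",
           naive_from_dims(65536, 65537, 1),
           (long long)hardened_from_dims(65536, 65537, 1));
    printf("16384x16384x2: naive=%u hardened=%lld\n",
           naive_from_dims(16384, 16384, 2),
           (long long)hardened_from_dims(16384, 16384, 2));
    return 0;
}
```

The 65536x65537 header is the memory-overrun case: the naive path computes 65536 bytes for a frame that actually needs more than 4 GiB, so a decoder that allocates from that number and then writes the declared number of pixels overruns the heap, which is the path the NEW text warns can end in arbitrary code execution. The 16384x16384x2 header is the resource case: arithmetically fine, but half a gibibyte per frame, which the cap rejects before any allocation. Both checks sit ahead of calloc, which is the property the draft text asks for.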