Re: [Cellar] FW: New Version Notification - draft-ietf-cellar-ffv1-18.txt
Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Wed, 21 October 2020 18:03 UTC
Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: cellar@ietfa.amsl.com
Delivered-To: cellar@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF1CE3A13F7; Wed, 21 Oct 2020 11:03:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 195PLzOTeTpO; Wed, 21 Oct 2020 11:03:49 -0700 (PDT)
Received: from mail-yb1-xb2f.google.com (mail-yb1-xb2f.google.com [IPv6:2607:f8b0:4864:20::b2f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C2FAE3A13F5; Wed, 21 Oct 2020 11:03:48 -0700 (PDT)
Received: by mail-yb1-xb2f.google.com with SMTP id l15so2555219ybp.2; Wed, 21 Oct 2020 11:03:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=sbhh6yZrKCguiHgMmiAZH+PhzRt2/VLghm2yQouU5yw=; b=CeIFtsmg4+o+Z6OAUAzVB9GcgQTRWyOiUg+S9rVdYJX2wZ7dItPwMajf1AM88SqJnK vudUaEGw+cM6q4xRlobRzflb6h+5jJr5UDgul+7+bNso3CvpbEo4qlEkZxsEaQBIltZK r73oHC5962ALoXrg6Mf024K6nv63oaAHqCh/onvSzuyFP7GDkdB+IltVvUnv55d5xUiT bFBMvedkfOtaxqSwB4WIXq9Qt8bhQEYoC3D6yuLx05IjB/KMOQ7jzHy9JEq+qvmPeJPG xYPGep+lnjXKXzS76Bmlihs9IpAr2JLTQwx/K8Iwl0C+AjwUz4wHAfM9+ZQv4V3xmp+v 00lw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=sbhh6yZrKCguiHgMmiAZH+PhzRt2/VLghm2yQouU5yw=; b=rE3kAVMru3gq8P9XzCqJnGAwk4KMMshOsc8zc3asZr11cT9lmx8KdSXeg7QY+wawtz f68fScRbgsBQMsgnn/gSX51yOV0UqbvE4mtKihSFhzjROTFrB0WMDkoxoIITvcY6ilYB JURT1JRCJPbBme9jDKahlDcjFOblQoH7gZXZt+rKwzh1SF7m+iqKgLu/WMKfqEskA1Si 2WNuwEE80fb93tLIdEIMHDjbA/vT9OJ8iEnuMj2Pg8KhbBnHniO3jRLzt+dHBfPtsQHV 1xaPbiR+lVXtjL4tcQPLuxkhZL6IEcBGyvmGCrkiTFc0rSeNppbrH90uASKE3nqtLqAQ c8jQ==
X-Gm-Message-State: AOAM533/ehHn5VbqbNKW74fzI4vifPKNLOgH0BI0bOzGOzOP8TZn6cv9 nolaL8by6ofQ+ufzvAeZsvZpDBjhrOIeM+N2CS4=
X-Google-Smtp-Source: ABdhPJzIh0Zxyfjfnqi3+MPmCjOqq1vjrs6rjWDYndQtiiMs+VrpwalqBbDqsChWLjkxoi3Op48I/CN/gLw1qOoRd8A=
X-Received: by 2002:a25:cc89:: with SMTP id l131mr6337422ybf.154.1603303427763; Wed, 21 Oct 2020 11:03:47 -0700 (PDT)
MIME-Version: 1.0
References: <160208949226.20172.3161875416157552929@ietfa.amsl.com> <a5a36dfd1f17466db8a412f7b85f776d@cert.org>
In-Reply-To: <a5a36dfd1f17466db8a412f7b85f776d@cert.org>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Wed, 21 Oct 2020 13:03:21 -0500
Message-ID: <CAKKJt-dqrbSxvNo4CA1eQaaumG7h2203MHMdg8a4BTWc-OjBnQ@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: "draft-ietf-cellar-ffv1@ietf.org" <draft-ietf-cellar-ffv1@ietf.org>, "draft-ietf-cellar-ffv1.chairs@ietf.org" <draft-ietf-cellar-ffv1.chairs@ietf.org>, Barry Leiba <barryleiba@computer.org>, Codec Encoding for LossLess Archiving and Realtime transmission <cellar@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000004771df05b2322bb2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cellar/KuYTCNSVV65KDqxq7EynlPbzZK4>
Subject: Re: [Cellar] FW: New Version Notification - draft-ietf-cellar-ffv1-18.txt
X-BeenThere: cellar@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Codec Encoding for LossLess Archiving and Realtime transmission <cellar.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cellar>, <mailto:cellar-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cellar/>
List-Post: <mailto:cellar@ietf.org>
List-Help: <mailto:cellar-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cellar>, <mailto:cellar-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2020 18:03:51 -0000
Hi, Roman, On Wed, Oct 21, 2020 at 12:38 PM Roman Danyliw <rdd@cert.org> wrote: > Hi! > (I can't find your response email to my ballot in my mail client despite > it being in the archive, so apologizes for making the new thread). > > Thanks for the -18 which cleared most of the COMMENTs. I updated my > ballot. > > In the spirit of clearing what I consider a straightforward DISCUSS, might > I suggest: > > OLD > > Implementations of the FFV1 codec need to take appropriate security > considerations into account, as outlined in [RFC4732]. It is > extremely important for the decoder to be robust against malicious > payloads. Malicious payloads MUST NOT cause the decoder to overrun > its allocated memory or to take an excessive amount of resources to > decode. The same applies to the encoder, ... > > NEW > > Implementations of the FFV1 codec need to take appropriate security > considerations into account. Those related to denial of service are > outlined in Section 2.1 of [RFC4732]. It is extremely important for the > decoder to be robust against malicious payloads. Malicious payloads MUST > NOT cause the decoder to overrun its allocated memory or to take an > excessive amount of resources to decode. An overrun in allocated memory > could lead to arbitrary code execution by an attacker. The same applies to > the encoder, ... > > Regards, > Roman > Thanks for this! and I am including the working group in my reply, so everyone will see it. Best, Spencer > > -----Original Message----- > From: internet-drafts@ietf.org <internet-drafts@ietf.org> > Sent: Wednesday, October 7, 2020 12:52 PM > To: Michael Richardson <mcr+ietf@sandelman.ca>; superuser@gmail.com; > barryleiba@computer.org; Roman Danyliw <rdd@cert.org>; Peter B. < > pb@das-werkstatt.com> > Subject: New Version Notification - draft-ietf-cellar-ffv1-18.txt > > > A new version (-18) has been submitted for draft-ietf-cellar-ffv1: > https://www.ietf.org/id/draft-ietf-cellar-ffv1-18.txt > https://www.ietf.org/id/draft-ietf-cellar-ffv1-18.html > > > The IETF datatracker page for this Internet-Draft is: > https://datatracker.ietf.org/doc/draft-ietf-cellar-ffv1/ > > Diff from previous version: > https://www.ietf.org/rfcdiff?url2=draft-ietf-cellar-ffv1-18 > > Please note that it may take a couple of minutes from the time of > submission until the diff is available at tools.ietf.org. > > IETF Secretariat. > > >
- Re: [Cellar] FW: New Version Notification - draft… Spencer Dawkins at IETF
- Re: [Cellar] New Version Notification - draft-iet… Dave Rice
- Re: [Cellar] New Version Notification - draft-iet… Dave Rice
- Re: [Cellar] New Version Notification - draft-iet… Roman Danyliw
- Re: [Cellar] New Version Notification - draft-iet… Spencer Dawkins at IETF