Re: [Cellar] Roman Danyliw's Discuss on draft-ietf-cellar-flac-12: (with DISCUSS and COMMENT)
Martijn van Beurden <mvanb1@gmail.com> Sun, 10 December 2023 13:28 UTC
Return-Path: <mvanb1@gmail.com>
X-Original-To: cellar@ietfa.amsl.com
Delivered-To: cellar@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17A8FC2395F8; Sun, 10 Dec 2023 05:28:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.856
X-Spam-Level:
X-Spam-Status: No, score=-6.856 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JsqDjH0UPrk7; Sun, 10 Dec 2023 05:28:19 -0800 (PST)
Received: from mail-lj1-x235.google.com (mail-lj1-x235.google.com [IPv6:2a00:1450:4864:20::235]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B96A5C18FCC7; Sun, 10 Dec 2023 05:28:19 -0800 (PST)
Received: by mail-lj1-x235.google.com with SMTP id 38308e7fff4ca-2ca09601127so46828731fa.1; Sun, 10 Dec 2023 05:28:19 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1702214898; x=1702819698; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=O0v4MX1gOIIS916b3pdoP+UZaXk0Hdr4zNGg85c+6ic=; b=MyBD5crPfcSEh4cg0hEuJW+cL0+u6C2Vs34dl9w6i0HuIxAUIKeYt04+ilawKyeGC2 WsJAh63UjBBz6md2ibLVEiOZJ/phg7+HcEQNt4Sk8S22Xxx/irGaEWXhfWU4z7z57BSU laRMYBf46+Wj/Svg9HXKwW2UBOXbK0DHRYbmFiW+E6bp6keqwEtGJdzAZvSKyk7SQIqk 8xhdFji24f2mo2FiU2WaOQlYEnfy+iWazMElNTjF6qfN1mjqSj2Y0djNXKi2L95hAcn2 IT32d+gdopyKo10VvaTK2xtsM7krP9GvDAQOlEM5aiDReA0yKBu/aYUVu8hhtg4YlLhT tiXw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702214898; x=1702819698; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=O0v4MX1gOIIS916b3pdoP+UZaXk0Hdr4zNGg85c+6ic=; b=lJ7o1hatDu68nCyQX2T7eGL+w8F30/4Ic89Kb6c9Rll86EVfWbk+d6aufBCh+zPsA6 MvufVAS9Je6u/i8y9GXfwUvc95Qm/tLAevw3cxyNw0S4Svw6NHT/q/4ViGbRNrkUnvQS zD8nnIKkxfKxylKcJTF+tZOYR+1e0pHVsN9dmSuDUI46Ianu5j0VOpgnS3que2mi5wk0 a8hU1b5HfznFg1klnm3s4SmbMEk6dO/ksu8akLH0vF0xSCuY6nBCb0x1LqRpZOXFYlAK /TeZOlAAF5i6sR7Rw8l9zLt2cjvHxKk3uMcHXMfyt1viXgXAwIYyt2tAw/M7AwuG78/D 02aA==
X-Gm-Message-State: AOJu0Yw59228memGLO0EuWQlzXbLLEf5Emb6FST5pxpxG4LxGiayZeNO 46a8hP6laJXf4pLm8HiI0FrZ97uWEcYaSIhU6HQ=
X-Google-Smtp-Source: AGHT+IHOZUX1lMST9Ye2GdhnQsX8Ax0fc7Jjxco9XQUO4Z4EyZvQd2xUbOuQw42wgN5nH1O6HWHWFfSHunO7o6oBxTM=
X-Received: by 2002:a2e:960d:0:b0:2c9:fda7:1ad0 with SMTP id v13-20020a2e960d000000b002c9fda71ad0mr1065559ljh.77.1702214897559; Sun, 10 Dec 2023 05:28:17 -0800 (PST)
MIME-Version: 1.0
References: <169755971376.31873.11022904877825598565@ietfa.amsl.com>
In-Reply-To: <169755971376.31873.11022904877825598565@ietfa.amsl.com>
From: Martijn van Beurden <mvanb1@gmail.com>
Date: Sun, 10 Dec 2023 14:28:06 +0100
Message-ID: <CADQbU696bqJc9MU37vFJ2YOMiUhhzUTocziu8G12UOdcfn69bg@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-cellar-flac@ietf.org, cellar-chairs@ietf.org, cellar@ietf.org, spencerdawkins.ietf@gmail.com
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/cellar/QRJ8-ksWvxD52XH_HcA2fgS7j2s>
Subject: Re: [Cellar] Roman Danyliw's Discuss on draft-ietf-cellar-flac-12: (with DISCUSS and COMMENT)
X-BeenThere: cellar@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Codec Encoding for LossLess Archiving and Realtime transmission <cellar.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cellar>, <mailto:cellar-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cellar/>
List-Post: <mailto:cellar@ietf.org>
List-Help: <mailto:cellar-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cellar>, <mailto:cellar-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Dec 2023 13:28:24 -0000
Hi Roman, A new version of this document had just been submitted. I believe it addresses all issues raised. Many thanks for your thorough review. Kind regards, Martijn van Beurden Op di 17 okt 2023 om 18:21 schreef Roman Danyliw via Datatracker <noreply@ietf.org>: > > Roman Danyliw has entered the following ballot position for > draft-ietf-cellar-flac-12: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > for more information about how to handle DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-cellar-flac/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > ** Section 8.4 > The application metadata block is for use by third-party > applications. The only mandatory field is a 32-bit identifier. An > ID registry is being maintained at https://xiph.org/flac/id.html > (https://xiph.org/flac/id.html). > > -- Did the WG discuss the consequences of having normative behavior maintained > on this external website? I currently see < 30 entries. Why can’t this be > maintained by IANA? > > -- This third-party application registry URL needs to be a normative reference. > > ** Section 8.6.1 > For a more comprehensive list of possible field names, the list of > tags used in the MusicBrainz project (http://picard- > docs.musicbrainz.org/en/variables/variables.html) is recommended. > > -- It is unclear how this guidance should be treated by implementers. Is this > normative behavior to: (a) use the MusicBrainz URL to understand the semantics > of these field making this reference normative; or (b) this is a free-form > field outside the scope of this specification but there are community efforts > like MusicBrainz which is an _informative_ reference. In either case this URL > needs to be some kind of formal reference. > > -- Is there are reason why there isn’t an IANA registry for these field name? > > ** Section 8.7.1 Please make [ISRC-handbook] a normative reference since that > specification describes the track number value. > > ** Section 8.8. > the media type and description > are prepended with a 4-byte length field instead of being null > delimited strings. > > What is the format of “media type”? Is it > https://www.iana.org/assignments/media-types/media-types.xhtml? I ask because > “-->” is later mentioned as an escape sequence. > > ** Section 8.8. The values of table 13 are underspecified: > > -- per value = 1, “PNG file icon of 32x32 pixels”, please provide a reference > to the PNG format > > -- per value = 17, “A bright colored fish”, what is that? > > ** Section 8.8. The URI mechanism described in the Picture field of the > metadata block needs further security considerations. The SECDIR review also > pointed this out and discussion on possible new language has started. This > guidance needs to explicitly say that: > > -- the Security Considerations of RFC3986 apply (to cover threats of > maliciously craft URLs) > > -- following external URLs introduces a tracking risk from on-path observers > and the operator of the service hosting the URL. Likewise, the choice of > scheme, if it isn’t protected like https, could also introduce integrity > attacks by an on-path observer. > > -- a malicious operator of the service hosting the URL can return arbitrary > content that the parser will read > > -- implementers must guard against directory traversal attacks (since relative > URIs are permitted) and be cognizant of same-origin issues (and localhost and > local network) even more broadly > > -- (per SECDIR review) there could be a DoS attack against the operator of the > service when the URI from the FLAC file is retrieved > > ** Section 10. Since this document is describing normative behavior on > embedded this work into another container, that other container needs to be > named normatively. Specifically, please make [RFC3533] (Ogg) and > [I-D.ietf-cellar-matroska] (Matroska) normative references. > > ** Section 12 > FLAC files may contain executable code, although the FLAC format is > not designed for it and it is uncommon. One use case where FLAC is > occasionally used to store executable code is when compressing images > of mixed mode CDs, which contain both audio and non-audio data, of > which the non-audio portion can contain executable code. > > Thanks for calling this out. From this cautionary text, it is not clear to me > where in the FLAC format this executable code would be insert. What guidance > can be given to implementers about recognizing this executable code and > treating it with care? > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thank you to Robert Sparks for the SECDIR review. Also, thank you to Martijn > van Beurden for engaging on the feedback. Some of my DISCUSS feedback aligns > with this review. > > ** Section 7. > The flac command-line tool, > part of the FLAC reference implementation (see Section 11), generates > streamable subset files by default unless the --lax command-line > option is used. > > -- This single reference to a particular command line option seems out of > place. Why mention this one specifically? Are there other command line > switches that matter? > > -- Section 11 has text to remove upon publication. Should this text also be > removed since it won’t make sense without that section? > > ** Section 8.2. > > The MD5 signature is made by performing an MD5 transformation on the > samples of all channels interleaved, represented in signed, little- > endian form. ... > > This paragraph describes the need to construct a “MD5 signature”. I had > trouble understanding on what a “MD5 transformation” is. How is it computed? > > ** Section 8.8. Please provide a reference for ID3v3 specification. > > ** Section 9.1.5 > When a frame number is encoded, the value MUST NOT be larger than > what fits a value of 31 bits unencoded or 6 bytes encoded. Please > note that as most general purpose UTF-8 encoders and decoders follow > [RFC3629], they will not be able to handle these extended codes. > > I was confused on why a UTF-8 encoder or decoder would be used to process a raw > octet stream. Coded numbers don’t seem to be related to text strings. > > ** Section 9.2.2. Please provide informative references for “Meridian Lossless > Packing codec” and “lossyWAV”. > > ** Section 10. > The FLAC format can be used without any container, as it already > provides for a very thin transport layer. > > It wasn’t clear to me what “thin transport layer” meant here. > > ** Section 10.3. Recommend being clearer that the “full encapsulation > definition of FLAC audio in MP4 is outside the scope of this document”. > Perhaps: OLD > The full encapsulation definition of FLAC audio in MP4 files was > deemed too extensive to include in this document. A definition > document can be found at [FLAC-in-MP4-specification] > NEW > The full encapsulation definition of FLAC audio in MP4 files was deemed too > extensive and is out of scope for this document. A possible approach is found > at [FLAC-in-MP4-specification] > > ** Section 12. > Parsers MUST employ thorough checks on whether a found coded > number or seekpoint is at all possible. > > Is this check intended to verify that these seekpoints are in bounds? > > >
- [Cellar] Roman Danyliw's Discuss on draft-ietf-ce… Roman Danyliw via Datatracker
- Re: [Cellar] Roman Danyliw's Discuss on draft-iet… Martijn van Beurden
- Re: [Cellar] Roman Danyliw's Discuss on draft-iet… Michael Richardson
- Re: [Cellar] Roman Danyliw's Discuss on draft-iet… Martijn van Beurden