Re: [Cellar] New Version Notification - draft-ietf-cellar-ffv1-18.txt

Roman Danyliw <rdd@cert.org> Tue, 01 December 2020 22:01 UTC

Return-Path: <rdd@cert.org>
X-Original-To: cellar@ietfa.amsl.com
Delivered-To: cellar@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48E1B3A1506; Tue, 1 Dec 2020 14:01:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Level:
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QC6faFv81aDm; Tue, 1 Dec 2020 14:01:56 -0800 (PST)
Received: from taper.sei.cmu.edu (taper.sei.cmu.edu [147.72.252.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 389E03A1505; Tue, 1 Dec 2020 14:01:55 -0800 (PST)
Received: from korb.sei.cmu.edu (korb.sei.cmu.edu [10.64.21.30]) by taper.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 0B1M16mq016541; Tue, 1 Dec 2020 17:01:06 -0500
DKIM-Filter: OpenDKIM Filter v2.11.0 taper.sei.cmu.edu 0B1M16mq016541
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1606860066; bh=yrgFyKSrnT2i8YWJ8YZGpQ6EfJq5hEhQSsediPMRfC8=; h=From:To:CC:Subject:Date:References:In-Reply-To:From; b=P6kckDd5QAPauDtAlQKI5w+FmCLYl2Khn3vzbqT2LWU1ONFK+NWajsygyyYRM/8gi OVxIAOarozslc7wqGcLX/KPmj/Dl0CCKriHeXf61yIyp0h9jpEi8XzfgudytE+Yxgv dREy6nudvcki49jvvPsvNTjop4suAtKlPqsSSvEA=
Received: from MORRIS.ad.sei.cmu.edu (morris.ad.sei.cmu.edu [147.72.252.46]) by korb.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 0B1M14qP017066; Tue, 1 Dec 2020 17:01:04 -0500
Received: from MORRIS.ad.sei.cmu.edu (147.72.252.46) by MORRIS.ad.sei.cmu.edu (147.72.252.46) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Tue, 1 Dec 2020 17:01:04 -0500
Received: from MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb]) by MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb%13]) with mapi id 15.01.2106.002; Tue, 1 Dec 2020 17:01:04 -0500
From: Roman Danyliw <rdd@cert.org>
To: Dave Rice <dave@dericed.com>, Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
CC: "draft-ietf-cellar-ffv1.chairs@ietf.org" <draft-ietf-cellar-ffv1.chairs@ietf.org>, "draft-ietf-cellar-ffv1@ietf.org" <draft-ietf-cellar-ffv1@ietf.org>, "Codec Encoding for LossLess Archiving and Realtime transmission" <cellar@ietf.org>, Barry Leiba <barryleiba@computer.org>
Thread-Topic: [Cellar] New Version Notification - draft-ietf-cellar-ffv1-18.txt
Thread-Index: AQHWruuzAiXNhGI6XEOa/iU25Oq7SKnjRIWA//+4RUA=
Date: Tue, 1 Dec 2020 22:01:03 +0000
Message-ID: <308c772b2e324fe88836caa91c78c8fb@cert.org>
References: <160208949226.20172.3161875416157552929@ietfa.amsl.com> <a5a36dfd1f17466db8a412f7b85f776d@cert.org> <CAKKJt-dqrbSxvNo4CA1eQaaumG7h2203MHMdg8a4BTWc-OjBnQ@mail.gmail.com> <FB3C907F-0DEB-4DB0-86C3-03B0AE02A78B@dericed.com> <B5AABB82-0474-4E3A-9211-403B2248F93E@dericed.com>
In-Reply-To: <B5AABB82-0474-4E3A-9211-403B2248F93E@dericed.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.64.202.131]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/cellar/YlshYb5hH6DB_1e8W_qT_8yQLgY>
Subject: Re: [Cellar] New Version Notification - draft-ietf-cellar-ffv1-18.txt
X-BeenThere: cellar@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Codec Encoding for LossLess Archiving and Realtime transmission <cellar.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cellar>, <mailto:cellar-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cellar/>
List-Post: <mailto:cellar@ietf.org>
List-Help: <mailto:cellar-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cellar>, <mailto:cellar-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Dec 2020 22:01:58 -0000

Hi Dave!


> -----Original Message-----
> From: Dave Rice <dave@dericed.com>
> Sent: Tuesday, December 1, 2020 4:17 PM
> To: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>om>; Roman
> Danyliw <rdd@cert.org>
> Cc: draft-ietf-cellar-ffv1.chairs@ietf.org; draft-ietf-cellar-ffv1@ietf.org; Codec
> Encoding for LossLess Archiving and Realtime transmission <cellar@ietf.org>rg>;
> Barry Leiba <barryleiba@computer.org>
> Subject: Re: [Cellar] New Version Notification - draft-ietf-cellar-ffv1-18.txt
> 
> Hi Roman, Spencer,
> 
> > On Oct 30, 2020, at 1:41 PM, Dave Rice <dave@dericed.com> wrote:
> >
> > Thank you Roman,
> >
> >> On Oct 21, 2020, at 2:03 PM, Spencer Dawkins at IETF
> <spencerdawkins.ietf@gmail.com> wrote:
> >>
> >> Hi, Roman,
> >>
> >> On Wed, Oct 21, 2020 at 12:38 PM Roman Danyliw <rdd@cert.org> wrote:
> >> Hi!
> >> (I can't find your response email to my ballot in my mail client despite it
> being in the archive, so apologizes for making the new thread).
> >>
> >> Thanks for the -18 which cleared most of the COMMENTs.  I updated my
> ballot.
> >>
> >> In the spirit of clearing what I consider a straightforward DISCUSS, might I
> suggest:
> >>
> >> OLD
> >>
> >>   Implementations of the FFV1 codec need to take appropriate security
> >>    considerations into account, as outlined in [RFC4732].  It is
> >>    extremely important for the decoder to be robust against malicious
> >>    payloads.  Malicious payloads MUST NOT cause the decoder to overrun
> >>    its allocated memory or to take an excessive amount of resources to
> >>    decode.  The same applies to the encoder, ...
> >>
> >> NEW
> >>
> >> Implementations of the FFV1 codec need to take appropriate security
> considerations into account.  Those related to denial of service are outlined in
> Section 2.1 of [RFC4732].  It is extremely important for the decoder to be
> robust against malicious payloads.  Malicious payloads MUST NOT cause the
> decoder to overrun its allocated memory or to take an excessive amount of
> resources to decode.    An overrun in allocated memory could lead to arbitrary
> code execution by an attacker.  The same applies to the encoder, ...
> >
> > The recommendation looks appropriate to me and more clear. I moved it to a
> pull request at https://github.com/FFmpeg/FFV1/pull/253 for the consideration
> of the other authors.
> 
> Please note that we just updated the draft to include the recommended
> changes for security considerations on denial of service, which can be reviewed
> in version 19 of https://datatracker.ietf.org/doc/draft-ietf-cellar-ffv1/. Here’s a
> link to the diff of version 18 and 19: https://www.ietf.org/rfcdiff?url1=draft-
> ietf-cellar-ffv1-18&url2=draft-ietf-cellar-ffv1-19&difftype=--html.

Thanks for the update and pushing this text into -19.  I just cleared my discussion position.

Regards,
Roman