Re: [Cellar] New Version Notification - draft-ietf-cellar-ffv1-18.txt
Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Tue, 01 December 2020 23:41 UTC
Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: cellar@ietfa.amsl.com
Delivered-To: cellar@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94DC13A0B23; Tue, 1 Dec 2020 15:41:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D7a99Po-EoN6; Tue, 1 Dec 2020 15:41:28 -0800 (PST)
Received: from mail-yb1-xb2b.google.com (mail-yb1-xb2b.google.com [IPv6:2607:f8b0:4864:20::b2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ACC5A3A0489; Tue, 1 Dec 2020 15:41:28 -0800 (PST)
Received: by mail-yb1-xb2b.google.com with SMTP id l14so3533978ybq.3; Tue, 01 Dec 2020 15:41:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=2PID2Ura0aGBNNJxmIEADCB4jV6suG+ZiH+5AQ9xQEg=; b=ocZTj8QocWLl5sp6RsiXb2L5mgcE1C3owB49kWXsasBTNCFUKuQJ48HghDqrtXZxlZ /iN8n694T7Pd4v6hmMoA0qyhS9E0KsMrLbh6W6o+QZgss6C3XK4coNQP2A/Xyha6OIfT 2EKrul6mLHFmGAHHl47eB1jzHTMsAr22YXq2YVqNmChS6KV0DhMM3sDvjn5yz9HCX6Ec 7P7/KlsBa8/4F0dI5d28NGmiP1zf4EOq1b+xP7adGwZZr5d8XRwofEWbx+minbcC372p pReofYFxcq5DE7/N0NU0VTTx92cgkthjtmiv8btm8AhppojbRifsYfokeAnp868ZyPeE jUlg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=2PID2Ura0aGBNNJxmIEADCB4jV6suG+ZiH+5AQ9xQEg=; b=JqY70nbCnO6c9Vl8DJQi6j1aiq6p3FUGf7U4SQ2Oe+bW6q/kkfT/1eI7DtGzhMOCFF SJA7C9t1CYpyb2ejyCeXxGMv1blExSavLUd/OQvcn+LW04W5GsQ4P1QJJO5/TJ9tm0zi qEl7JStL4+PteLMI9plLIz3XzF0HQW5V35YN3vwBPJC1lkMBlL2EjhanfbJhqf7QUz8p aloqUjiwShry58N/PW99KyD+TtIPqz4UjK5AlZvSY6tcgqrmJKXUYd5qMrE8FAvpY5ZG f8Z6yhZsVFP0GP8FS3VaA4X2etl01XgNfgxjoqKjWaP2hdAgZO0J2FENjIPD/08Vb8Q9 TvRg==
X-Gm-Message-State: AOAM533rhsXUcp/CO/0VeUhrvh1YEUoY8r052MQZGIgK6yNYxxm7vJFD nykm0cXPao+6rcfqspPUx9WN43wKWeOPBaaoNWg=
X-Google-Smtp-Source: ABdhPJwEQyV5HJvlxt9j+TAJTvP4kXwpYhBAESWAu4gkF7ZWtz5l1x931XGBSmcTsdunvn9CDSTibrs0sQAWlsHeHO8=
X-Received: by 2002:a25:ae53:: with SMTP id g19mr6920144ybe.288.1606866087919; Tue, 01 Dec 2020 15:41:27 -0800 (PST)
MIME-Version: 1.0
References: <160208949226.20172.3161875416157552929@ietfa.amsl.com> <a5a36dfd1f17466db8a412f7b85f776d@cert.org> <CAKKJt-dqrbSxvNo4CA1eQaaumG7h2203MHMdg8a4BTWc-OjBnQ@mail.gmail.com> <FB3C907F-0DEB-4DB0-86C3-03B0AE02A78B@dericed.com> <B5AABB82-0474-4E3A-9211-403B2248F93E@dericed.com> <308c772b2e324fe88836caa91c78c8fb@cert.org>
In-Reply-To: <308c772b2e324fe88836caa91c78c8fb@cert.org>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Tue, 01 Dec 2020 17:41:01 -0600
Message-ID: <CAKKJt-ea6ajN_o5V=KmW_amgq5KwWegH9rUH9ddkQmy9N=CXZw@mail.gmail.com>
To: Roman Danyliw <rdd@cert.org>
Cc: Dave Rice <dave@dericed.com>, "draft-ietf-cellar-ffv1.chairs@ietf.org" <draft-ietf-cellar-ffv1.chairs@ietf.org>, "draft-ietf-cellar-ffv1@ietf.org" <draft-ietf-cellar-ffv1@ietf.org>, Codec Encoding for LossLess Archiving and Realtime transmission <cellar@ietf.org>, Barry Leiba <barryleiba@computer.org>
Content-Type: multipart/alternative; boundary="0000000000005f42e305b56faac4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cellar/mW-DWAJ1oLzyw5dmQ-qy0QcnXNU>
Subject: Re: [Cellar] New Version Notification - draft-ietf-cellar-ffv1-18.txt
X-BeenThere: cellar@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Codec Encoding for LossLess Archiving and Realtime transmission <cellar.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cellar>, <mailto:cellar-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cellar/>
List-Post: <mailto:cellar@ietf.org>
List-Help: <mailto:cellar-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cellar>, <mailto:cellar-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Dec 2020 23:41:31 -0000
Thanks, Roman and Dave! Best, Spencer On Tue, Dec 1, 2020 at 4:01 PM Roman Danyliw <rdd@cert.org> wrote: > Hi Dave! > > > > -----Original Message----- > > From: Dave Rice <dave@dericed.com> > > Sent: Tuesday, December 1, 2020 4:17 PM > > To: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>; Roman > > Danyliw <rdd@cert.org> > > Cc: draft-ietf-cellar-ffv1.chairs@ietf.org; > draft-ietf-cellar-ffv1@ietf.org; Codec > > Encoding for LossLess Archiving and Realtime transmission < > cellar@ietf.org>; > > Barry Leiba <barryleiba@computer.org> > > Subject: Re: [Cellar] New Version Notification - > draft-ietf-cellar-ffv1-18.txt > > > > Hi Roman, Spencer, > > > > > On Oct 30, 2020, at 1:41 PM, Dave Rice <dave@dericed.com> wrote: > > > > > > Thank you Roman, > > > > > >> On Oct 21, 2020, at 2:03 PM, Spencer Dawkins at IETF > > <spencerdawkins.ietf@gmail.com> wrote: > > >> > > >> Hi, Roman, > > >> > > >> On Wed, Oct 21, 2020 at 12:38 PM Roman Danyliw <rdd@cert.org> wrote: > > >> Hi! > > >> (I can't find your response email to my ballot in my mail client > despite it > > being in the archive, so apologizes for making the new thread). > > >> > > >> Thanks for the -18 which cleared most of the COMMENTs. I updated my > > ballot. > > >> > > >> In the spirit of clearing what I consider a straightforward DISCUSS, > might I > > suggest: > > >> > > >> OLD > > >> > > >> Implementations of the FFV1 codec need to take appropriate security > > >> considerations into account, as outlined in [RFC4732]. It is > > >> extremely important for the decoder to be robust against malicious > > >> payloads. Malicious payloads MUST NOT cause the decoder to overrun > > >> its allocated memory or to take an excessive amount of resources to > > >> decode. The same applies to the encoder, ... > > >> > > >> NEW > > >> > > >> Implementations of the FFV1 codec need to take appropriate security > > considerations into account. Those related to denial of service are > outlined in > > Section 2.1 of [RFC4732]. It is extremely important for the decoder to > be > > robust against malicious payloads. Malicious payloads MUST NOT cause the > > decoder to overrun its allocated memory or to take an excessive amount of > > resources to decode. An overrun in allocated memory could lead to > arbitrary > > code execution by an attacker. The same applies to the encoder, ... > > > > > > The recommendation looks appropriate to me and more clear. I moved it > to a > > pull request at https://github.com/FFmpeg/FFV1/pull/253 for the > consideration > > of the other authors. > > > > Please note that we just updated the draft to include the recommended > > changes for security considerations on denial of service, which can be > reviewed > > in version 19 of > https://datatracker.ietf.org/doc/draft-ietf-cellar-ffv1/. Here’s a > > link to the diff of version 18 and 19: > https://www.ietf.org/rfcdiff?url1=draft- > > ietf-cellar-ffv1-18&url2=draft-ietf-cellar-ffv1-19&difftype=--html. > > Thanks for the update and pushing this text into -19. I just cleared my > discussion position. > > Regards, > Roman >
- Re: [Cellar] FW: New Version Notification - draft… Spencer Dawkins at IETF
- Re: [Cellar] New Version Notification - draft-iet… Dave Rice
- Re: [Cellar] New Version Notification - draft-iet… Dave Rice
- Re: [Cellar] New Version Notification - draft-iet… Roman Danyliw
- Re: [Cellar] New Version Notification - draft-iet… Spencer Dawkins at IETF