Re: [Cellar] Opsdir last call review of draft-ietf-cellar-ffv1-17

Jerome Martinez <> Sun, 06 September 2020 10:55 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 659523A0CD1 for <>; Sun, 6 Sep 2020 03:55:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.845
X-Spam-Status: No, score=-2.845 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.948, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id XuP_nzjS6VQM for <>; Sun, 6 Sep 2020 03:55:32 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 325293A0CCC for <>; Sun, 6 Sep 2020 03:55:31 -0700 (PDT)
Received: from (unknown []) by (Postfix) with ESMTP id BA6499B65C for <>; Sun, 6 Sep 2020 12:55:29 +0200 (CEST)
Received: from ( []) (Authenticated sender: by (Postfix) with ESMTPSA id 1417115B4F43D; Sun, 6 Sep 2020 10:55:23 +0000 (UTC)
Authentication-Results:; auth=pass (GARM-100R0032f67823d-548f-4b27-8d74-a45b4bd5f0e3, E9516DFBA202DD949415F05DBAC7B10ABF94B0F5)
To: Qin Wu <>,
References: <>
From: Jerome Martinez <>
Message-ID: <>
Date: Sun, 6 Sep 2020 12:55:24 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-Ovh-Tracer-Id: 13844346730796552363
X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgeduiedrudegjedgfeehucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucenucfjughrpefuvfhfhffkffgfgggjtgfgsehtkeertddtfeejnecuhfhrohhmpeflvghrohhmvgcuofgrrhhtihhnvgiiuceojhgvrhhomhgvsehmvgguihgrrghrvggrrdhnvghtqeenucggtffrrghtthgvrhhnpeejffeuvdejjeevieefvdefhefgieeijeeffffgteeikeevheejhfdvheefteduvdenucffohhmrghinhepmhgvughirggrrhgvrgdrnhgvthdpihgvthhfrdhorhhgnecukfhppedtrddtrddtrddtpdekgedrudegfedrudehfedrudduudenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhhouggvpehsmhhtphdqohhuthdphhgvlhhopehplhgrhigvrhejuddurdhhrgdrohhvhhdrnhgvthdpihhnvghtpedtrddtrddtrddtpdhmrghilhhfrhhomhepjhgvrhhomhgvsehmvgguihgrrghrvggrrdhnvghtpdhrtghpthhtoheptggvlhhlrghrsehivghtfhdrohhrgh
Archived-At: <>
Subject: Re: [Cellar] Opsdir last call review of draft-ietf-cellar-ffv1-17
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Codec Encoding for LossLess Archiving and Realtime transmission <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 06 Sep 2020 10:55:43 -0000

Hi Qin,

Thank you for your review, answers inline:

On 06/09/2020 10:28, Qin Wu via Datatracker wrote:
> Reviewer: Qin Wu
> Review result: Ready
> I have reviewed this document on behalf of the Operations and Management
> Directorate. Four questions  need to be clarified: 1. why document v0,v1,v3 in
> draft-ietf-cellar-ffv1 as informational and document v4 in
> draft-ietf-cellar-ffv1-v4-14 as standard track? Not clear the key difference
> between v04 and all other previous versions?

v0,v1,v3 bitstreams are already in the wild, the FFV1 v0,v1,v3 
specification documents what is already in use and we adapt the 
specification (including documenting issues found during the review of 
the encoders and decoders) to the bitstream in the wild instead of a 
clean change of the bistream when an issue is found, this is not really 
a standard with a consensus during the writing of the specification, the 
choice was to have informational status due to this.

FFV1 v4 is not in the wild (the only encoder able to create such 
bitstream need to receive a "experimental" flag in order to create such 
bitstream), it is a future specification, clean, and we'll adapt the 
encoders/decoders to the decided specification, so standard status. Note 
that v4 i based on v0,v1,v3 so evolves at the same time but is not ready 
and not part of this last call review.

>   2. Why not specify transport, is
> container sto which the ffv1 is mapped equivalent to transport? without
> transport, how to provide confidentiality, integrity, and source authenticity?

FFV1 is a video coding format, like Opus is an audio coding format, Opus 
does not specify transport too. FFV1 is intended to be encapsulated in a 
container and we don't feel the need to have a dedicated transport for 
FFV1, we use (de facto or not) standard like MP4 (ISO standard) or 
Matroska (de facto standard and IETF standard candidate) for the 
transport. Note that Opus is an IETF standard (RFC 6716) without transport.

Confidentiality, integrity, and source authenticity is delegated to the 
transport layer, as it is the case with Opus or many other coding formats.

> 3. how error_status and crc parity are used? e.g., using crc parity detect
> error? can error be repaired? how?

error_status was intended for storing information about errors found in 
the bitstream, AFAIK it is not used in any encoder or decoder for 
filling (it is always 0) or reading (value discarded) this value but the 
informal specification has always planned this byte for error status so 
we currently keep it as instead of flagging it e.g as "reserved". We can 
not remove it from the bitstream as we document what is already in use 
in v0,v1,v3.

crc parity is used for detecting a transport or storage error, in order 
to detect that losslessness is compromised by an unintentional change.
the reference decoder (FFmpeg) first computes the CRC and rejects the 
slice if a CRC is not the expected one before trying to decode, and a 
conformance checker like MediaConch indicates that the file has a 
problem if a CRC is not the expected one.

The purpose is not especially to repair (this is not an error correction 
code), only to detect integrity issues, but there is a proof of concept 
of repairing a bit flip based on CRC at

>   4. Is bitstream parameters such as version,
> micor-version,num_h_slices,num_v_slices sensitity information that can
> disclosed? any security risk?

All these parameters are needed for setting up the decoder, and they are 
not sensitive, it i just a configuration of the bitstream (for example 
an higher minor_version could indicate that there is an extra field 
after the configuration but would not indicate the encoder name).
We documented the security risks we know in the security section 
(updated through 
after a remark from Secdir), and the decoder is expected to reject 
incoherent values e.g. num_h_slices bigger than pixel width.