IETF Logo Mail Archive

Re: [codec] AD Evaluation of draft-ietf-codec-opus-update-07

Jean-Marc Valin <jmvalin@jmvalin.ca> Wed, 26 July 2017 04:09 UTC

Return-Path: <jmvalin@jmvalin.ca>
X-Original-To: codec@ietfa.amsl.com
Delivered-To: codec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBDF6132019 for <codec@ietfa.amsl.com>; Tue, 25 Jul 2017 21:09:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=jmvalin-ca.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sAZsCuFOhUwF for <codec@ietfa.amsl.com>; Tue, 25 Jul 2017 21:09:16 -0700 (PDT)
Received: from mail-io0-x22f.google.com (mail-io0-x22f.google.com [IPv6:2607:f8b0:4001:c06::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0FEB3129AD3 for <codec@ietf.org>; Tue, 25 Jul 2017 21:09:16 -0700 (PDT)
Received: by mail-io0-x22f.google.com with SMTP id m88so54644786iod.2 for <codec@ietf.org>; Tue, 25 Jul 2017 21:09:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jmvalin-ca.20150623.gappssmtp.com; s=20150623; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to; bh=BzZRNdGciWRpxz1Xtv2NjMHWsTlilABhLAJONPZyk90=; b=D2uCfB3BGlp7HtICq55EOcDPzSXnGiPDvEVbmpZJAgHKThbTyeNZiJ1ismmtzS2R4W WUCg8MOVHyr/kvyKG4N9LO/KgLd8TTSKG2xHNDnuDXc8qMbW6SUrX0MhbWa4fuI0vro3 K2ANZuNTkKR+STga0Ys6/L6Ow0LlcKrn/e6C+kU9vWqNx/RbOtGbqDsMqCooUdz46wFF ueO1Iy2P/0d4Zhq7XyryXq9E0r0s7ArGvBk6rU6UATrgGZs41LsUHJK6gnWumbBhqiWy aStxi2/X/IG+vlklG167YfR36UpoQKdtpujqnUjXFR3kYhSq4VpC7fEDmUCTce057eD/ aIOw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to; bh=BzZRNdGciWRpxz1Xtv2NjMHWsTlilABhLAJONPZyk90=; b=UOFC84IJ1arQdn6/kfoRl8T1m86gv7S9uZ7FKX2D8iYKG6O53Yw1zop3tVyi3h0R4O rVyUloPQ3QMZPTQUN2e7ngz0OxSWHgAU7bPOiNH7/jE0RG5LNxN/vpyiFF8sXABDNSNF wUNKji6+HmTKTfcjJcBBOUwEPG5RgXPbcygGQx1e9Bc470qAxZL1ctPRRMz7XN52qsyy 7kJdanzjDRIpjQlqwIP3aLwFE37JrHwFcIoCOqiXcyLErWl9fg3Kh/IY08DC/1K2c9hK XN3xWZE/dWvj5PNzl0qka9DCnJva3zzoG4kZAGstDSNfyGeBVt+aAY9M7AJL9Adj700a fzoA==
X-Gm-Message-State: AIVw113YwtlQHJ+/nqsaBa7JsSW1XiJE7A0E+4Sp9oIqz1WSWDyNDxcW EqikWeP3S9zM7sBCRdA=
X-Received: by 10.107.171.193 with SMTP id u184mr15932347ioe.39.1501042155010; Tue, 25 Jul 2017 21:09:15 -0700 (PDT)
Received: from panoramix.jmvalin.ca (modemcable067.31-56-74.mc.videotron.ca. [74.56.31.67]) by smtp.gmail.com with ESMTPSA id q133sm7798703ioe.58.2017.07.25.21.09.13 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 25 Jul 2017 21:09:13 -0700 (PDT)
To: Ben Campbell <ben@nostrum.com>, draft-ietf-codec-opus-update.all@ietf.org
References: <44ADD827-E40E-4BBE-91DB-EFFC249AA10E@nostrum.com>
Cc: codec@ietf.org
From: Jean-Marc Valin <jmvalin@jmvalin.ca>
Message-ID: <3e689239-f217-2185-96e2-c6ae35b4d0f3@jmvalin.ca>
Date: Wed, 26 Jul 2017 00:09:12 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <44ADD827-E40E-4BBE-91DB-EFFC249AA10E@nostrum.com>
Content-Type: multipart/mixed; boundary="------------EE9B9E23FAE7DCA154593629"
Archived-At: <https://mailarchive.ietf.org/arch/msg/codec/up6ROxDyv_9-XFi0rnvRxjlOMdk>
Subject: Re: [codec] AD Evaluation of draft-ietf-codec-opus-update-07
X-BeenThere: codec@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Codec WG <codec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/codec>, <mailto:codec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/codec/>
List-Post: <mailto:codec@ietf.org>
List-Help: <mailto:codec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/codec>, <mailto:codec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Jul 2017 04:09:19 -0000

Hi Ben,

Thanks for taking the time to review this document. I agree with all
your comments and I attached the XML diff for the changes I'm proposing
to address them. Let me know if you're happy with these changes and I'll
submit an updated version. See inline for more details.

On 25/07/17 06:34 PM, Ben Campbell wrote:
> —  I don’t think we can expect IETF LC and IESG reviewers to know the
> history of RFC 6716 going into this. Please expand the first
> paragraph in the introduction to  explain how the normative part of
> RFC 6716 is in the form of attached C code in appendix A, and that
> the patches in this draft patch that code.

This is the updated paragraph:

  This document addresses minor issues that were discovered in the
  reference implementation of the Opus codec.  Unlike most IETF
  specifications, Opus is defined in RFC 6716 [RFC6716] in terms of a
  normative reference decoder implementation rather than from the
  associated text description.  That's why only issues affecting the
  decoder are listed here.  An up-to-date implementation of the Opus
  encoder can be found at <https://opus-codec.org/>.

> — How can people be certain that the “formatted” patches match the
> patches in this draft, and do not change over time? Would it make
> sense to include a hash in this document, simularly to how 6716 has
> the hashes for the test vectors? (And are the IETF98 proceedings
> really where you want to store these?)

I added the hash of the patch and each testvector like in RFC6716. As
for putting the tar.gz in the proceedings, that's also what we did for
RFC6716 and as far as I know there is still no better solution for
publishing files at a fixed location.

> - 11: The draft should include hashes for the new test vectors,
> similarly to in 6716.

Done (see above).

> -12: The security considerations need some real content. For example,
> several of the fixes here seem to fix potential buffer overruns or
> other memory management errors. Does that reduce the attach surface
> for DoS or other attacks? I suspect the answer is “no”, since several
> of those sections mention that the bugs don’t appear to be
> exploitable. But the security considerations should at least
> summarize these sorts of changes and say why you believe they have no
> material impact on security.

I expanded the security considerations section to discuss the two issues
that have potential security implications and that had associated CVEs.
The new text is:

  This document fixes two security issues reported on Opus and that
  affect the reference implementation in RFC 6716 [RFC6716]: CVE-
  2013-0899 and CVE-2017-0381.  CVE-2013-0899 is fixed by Section 4 and
  could theoretically cause information leak, but the leaked
  information would at the very least go through the decoder process
  before being accessible to the attacker.  Also, the bug can only be
  triggered by Opus packets at least 24 MB in size.  CVE-2017-0381 is
  fixed by Section 7 as far as the authors are aware, could not be
  exploited in any way (despite the claims in the CVE) unless the read-
  only table was somehow placed very close to sensitive data, which is
  highly unlikely.  Beyond the two fixed CVEs, this document adds no
  new security considerations on top of RFC 6716 [RFC6716].

> -3, last paragraph: Is no “significant” impact on test vectors the
> same as no impact? Also, I note that none of the other patch sections
> talk about test vector impact, and the section on new test vectors
> explains which patches impact the vectors. Could the comment in this
> section just be removed?

Most of the changes do not affect test vectors at all, but I'm pointing
out the few that do have an impact. I agree that "no significant impact"
was a bit vague, so here's the updated text:

  This change affects the normative output of the decoder, but the
  amount of change is within the tolerance and too small to make the
  testvector check fail.

> -5, list items 2 and 3:  These paragraphs (and others in the draft)
> mention symbols from the code without any explanation what they mean.
> Some of the symbol names are self-documenting, but that is not
> consistently true. It would be helpful to add short comments about
> the meaning of each of these (perhaps in parentheses). One might
> think of this as similar to expanding acronyms on first use.

I added an explanation for nSamplesIn and fs_in_khZ. I thought the
remaining ones were clear enough, but let me know if I missed any that
would be useful.

> Also, the use of underscores for emphasis is, to my knowledge, not
> meaningful in the context of an RFC. Is the emphasis really needed?
> (I assume you don’t want to wait for the new RFC format for this sort
> of thing :-)  )

Removed the underscores.

> — paragraph after the list: "However, proving that is non- obvious.”
> - Odd sentence structure. Would it make sense to say “However, the
> authors know of no obvious approach to proving that.”?

Changed to the sentence you suggested.

> -8: Please expand NaN on first mention. 

Done (NaN = "not a number").

> -9: Please expand LCG on first mention

Simply replaced "LCG noise" by "white noise" (the fact that it's
generated by an LCG is irrelevant to the document).


Cheers,

	Jean-Marc


> 
> 
> 
> 
> _______________________________________________ codec mailing list 
> codec@ietf.org https://www.ietf.org/mailman/listinfo/codec
>

v2.23.0 | Report a Bug | By Email