IETF Logo Mail Archive

[payload] Update of security template text in draft-ietf-payload-rtp-howto

Magnus Westerlund <magnus.westerlund@ericsson.com> Fri, 10 April 2015 07:13 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: payload@ietfa.amsl.com
Delivered-To: payload@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 572D61A00C2; Fri, 10 Apr 2015 00:13:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f_aFDoYCSKKm; Fri, 10 Apr 2015 00:13:25 -0700 (PDT)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0BA1E1A00BE; Fri, 10 Apr 2015 00:13:24 -0700 (PDT)
X-AuditID: c1b4fb3a-f79146d0000070a3-47-552778130433
Received: from ESESSHC012.ericsson.se (Unknown_Domain [153.88.253.124]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id 85.25.28835.31877255; Fri, 10 Apr 2015 09:13:23 +0200 (CEST)
Received: from [127.0.0.1] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.56) with Microsoft SMTP Server id 14.3.210.2; Fri, 10 Apr 2015 09:13:22 +0200
Message-ID: <55277811.70905@ericsson.com>
Date: Fri, 10 Apr 2015 09:13:21 +0200
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: "payload@ietf.org" <payload@ietf.org>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpjluLIzCtJLcpLzFFi42KZGfG3Rle4Qj3UYNckcYsZfyYyW1y6eJbJ gcljyZKfTAGMUVw2Kak5mWWpRfp2CVwZ395MZSx4J1mx5v095gbGlyJdjJwcEgImEjteNbNB 2GISF+6tB7K5OIQEjjJKfNr6jRXCWc4oMXUyiMPJwSugKbFq6wKwDhYBVYlnK78zgthsAhYS N380gsVFBYIlml40skPUC0qcnPmEpYuRg0MEqPfRdyGQMLOAhETL52dgI4UFPCWePz8HVsIM VLJ+lz5EibxE89bZzCC2kIC2RENTB+sERv5ZSIbOQuiYhaRjASPzKkbR4tTi4tx0IyO91KLM 5OLi/Dy9vNSSTYzAgDu45bfVDsaDzx0PMQpwMCrx8D5IUw8VYk0sK67MPcQozcGiJM5rZ3wo REggPbEkNTs1tSC1KL6oNCe1+BAjEwenVAOj8Omj7Sov9uz8bJwXXPRgT1TrtSTWiKBg9jkb Jqs0zD9cFHPUpzf+SqUqo+mEsLlT+U36cv6VanafUnueyriuiUdHzemvYU0vg6DujKyeiTvV 1MNY15ecf/Y2XFtiVbCf/6EZE9zdv7befC4X13/A/1yFzIfFS2blbTDZfXrii4RJcSf+dq1X YinOSDTUYi4qTgQAMDZskhkCAAA=
Archived-At: <http://mailarchive.ietf.org/arch/msg/payload/7zJO-2zf9O35hsVJ2nWAmx8W4Qs>
Cc: IESG <iesg@ietf.org>
Subject: [payload] Update of security template text in draft-ietf-payload-rtp-howto
X-BeenThere: payload@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Audio/Video Transport Payloads working group discussion list <payload.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/payload>, <mailto:payload-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/payload/>
List-Post: <mailto:payload@ietf.org>
List-Help: <mailto:payload-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/payload>, <mailto:payload-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Apr 2015 07:13:27 -0000

Payload WG and IESG,

Due to the discussion regarding the security considerations in
draft-ietf-payload-rtp-opus it has been proposed that a small edit is
performed on the security consideration template text that discusses the
role of the security considerations for payload formats.

"How to Write an RTP Payload Format" (draft-ietf-payload-rtp-howto) is
an approved I-D and thus I like to make this consensus call for this
change before acting on it.

Section A.13:

OLD:

   RTP packets using the payload format defined in this specification
   are subject to the security considerations discussed in the RTP
   specification [RFC3550] , and in any applicable RTP profile such as
   RTP/AVP [RFC3551], RTP/AVPF [RFC4585], RTP/SAVP [RFC3711] or RTP/
   SAVPF [RFC5124].  However, as "Securing the RTP Protocol Framework:
   Why RTP Does Not Mandate a Single Media Security Solution"
   [I-D.ietf-avt-srtp-not-mandatory] discusses it is not an RTP payload
   formats responsibility to discuss or mandate what solutions are used
   to meet the basic security goals like confidentiality, integrity and
   source authenticity for RTP in general.  This responsibility lays on
   anyone using RTP in an application.  They can find guidance on
   available security mechanisms and important considerations in Options
   for Securing RTP Sessions [I-D.ietf-avtcore-rtp-security-options].
   The rest of the this security consideration discusses the security
   impacting properties of the payload format itself.


NEW:

   RTP packets using the payload format defined in this specification
   are subject to the security considerations discussed in the RTP
   specification [RFC3550] , and in any applicable RTP profile such as
   RTP/AVP [RFC3551], RTP/AVPF [RFC4585], RTP/SAVP [RFC3711] or RTP/
   SAVPF [RFC5124].  However, as "Securing the RTP Protocol Framework:
   Why RTP Does Not Mandate a Single Media Security Solution" [RFC7202]
   discusses it is not an RTP payload formats responsibility to discuss
   or mandate what solutions are used to meet the basic security goals
   like confidentiality, integrity and source authenticity for RTP in
   general.  This responsibility lays on anyone using RTP in an
   application.  They can find guidance on available security mechanisms
   and important considerations in Options for Securing RTP Sessions
   [RFC7201].  Applications SHOULD use one or more appropriate strong
   security mechanisms.  The rest of the this security consideration
   discusses the security impacting properties of the payload format
   itself.

Change is the new second to last sentence, and updated references.

If no objections are heard in 2 weeks time, by the 25th of April 2015, I
will submit a new version with this change.


Cheers

Magnus Westerlund

----------------------------------------------------------------------
Services, Media and Network features, Ericsson Research EAB/TXM
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Färögatan 6                 | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email