IETF Logo Mail Archive

[payload] Stephen Farrell's Discuss on draft-ietf-payload-rtp-h265-14: (with DISCUSS and COMMENT)

"Stephen Farrell" <stephen.farrell@cs.tcd.ie> Tue, 01 September 2015 12:49 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: payload@ietfa.amsl.com
Delivered-To: payload@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 616751B530B; Tue, 1 Sep 2015 05:49:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XEW-6v2npqBw; Tue, 1 Sep 2015 05:49:47 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id BB27C1B2F19; Tue, 1 Sep 2015 05:49:47 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: The IESG <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.4.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <20150901124947.6862.19178.idtracker@ietfa.amsl.com>
Date: Tue, 01 Sep 2015 05:49:47 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/payload/wZT76un2H1kYnNOjLCksmlr1wf4>
Cc: payload-chairs@ietf.org, payload@ietf.org, draft-ietf-payload-rtp-h265@ietf.org
Subject: [payload] Stephen Farrell's Discuss on draft-ietf-payload-rtp-h265-14: (with DISCUSS and COMMENT)
X-BeenThere: payload@ietf.org
X-Mailman-Version: 2.1.15
List-Id: Audio/Video Transport Payloads working group discussion list <payload.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/payload>, <mailto:payload-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/payload/>
List-Post: <mailto:payload@ietf.org>
List-Help: <mailto:payload-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/payload>, <mailto:payload-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2015 12:49:49 -0000

Stephen Farrell has entered the following ballot position for
draft-ietf-payload-rtp-h265-14: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-payload-rtp-h265/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------


(1) For a 99 page detailed specification, the security
considerations are tremendously brief.  There are two
non-boilerplate paragraphs - one says developers "MUST
exercise caution" (meaning what precisely?) and the other
extolls the virtues of not encrypting. For a 99 page
specification of a highly non-trivial encoding scheme, I
would have expected to see the results of a better
analysis. Was that analysis done? That should at least
include consideration of the CVEs already published
relating to H.264 [1] which include 34 CVEs relating to
various kinds of remote-code-execution and DoS. If the
authors here are asserting that this presumably more
complex codec will have few vulnerabilities, then I would
welcome seeing the justification for that statement.
(Note: In some cases with payload drafts, authors can
fairly claim that the I-D does not describe the payload
in detail and hence that the security considerations text
need not be comprehensive as implementers are expected to
find that elsewhere. In this case, the 99 pages strongly
argues otherwise IMO - there are plenty of ways to go
badly wrong implementing what is stated in this draft.)
To summarise: "MUST exercise caution" is not useful,
can't you translate that into actionable advice to an
implementer based on experience with security issues
found with this and similar codecs?

   [1] https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=h.264

(2) This is just a process nit probably. The shepherd
write-up doesn't mention the Nokia IPR declaration.  Were
the WG also ok with that one? The write-up seems to
pre-date that latest IPR declaration, which is from a
company that seems to employ one of the authors. That is
odd timing really so can someone explain the sequence of
events and why all is well?


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------



- General: I was puzzled as to why there is so much text
that is presumably non-normative explanatory text
covering what is elsewehere in (I guess) ITU documents.
It seems like there is a lot, but not enough, here for an
implementer.

- 4.1: " The assignment of an RTP payload type for this
new packet format is outside the scope of this document
and will not be specified here. " Huh? That's confusing.
For me at least.

- p75 - why would md5 ever be most-preferred these days?
Better to not say that, even in an example. Even better
would be to deprecate md5 even for this non-security
purpose to simplify code-audit. Or, if there is some
reason why e.g. sha256 isn't suited then explaining that
would also help for code-audits.

v2.23.0 | Report a Bug | By Email