[secdir] secdir review of draft-ietf-avtext-sdes-hdr-ext
Samuel Weiler <weiler+ietf@watson.org> Sun, 17 April 2016 11:45 UTC
To: secdir@ietf.org, iesg@ietf.org, draft-ietf-avtext-sdes-hdr-ext.all@ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/-nDCKkOuHjQzeaxPw51E3RW_vP4>
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

I am mostly satisfied with this document's security analysis. I am worried that implementors will weasel their way around the "SHOULD"s, but the appropriate "SHOULD"s are in the doc.

The doc says "...there SHOULD be strong integrity protection and source authentication of the header extensions" -- I would like to also see specific citation(s). (e.g. "Use X for integrity protection." "Use X for authenticity.")

It would be nice to see some discussion of whether these headers increase the utility of RTP as a DoS vector - either by enabling a reflector attack or by triggering heavy computation on a receiving host. I suspect that there's not much to see here, particularly if there really is integrity protection, but it would be nice to see the analysis.

Editorial comment: For the RTP-naive reader, I suggest adding an early mention that SDES is (normally) a special packet type within RTP. Specifically: it would be helpful for Section 1 to also say "RTP has a special packet type for Source Description (SDES) items."
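The review's DoS question above (can an attacker-supplied header extension trigger heavy computation on a receiver?) is easiest to reason about with a concrete receiver in front of you. The following is an added example written for this page; it is not code from the draft, its authors, or the reviewer. It assumes the one-byte RTP header extension format of RFC 8285 (profile word 0xBEDE, one ID/length byte per element), a hypothetical SDP-negotiated mapping of extension ID 1 to the SDES CNAME URN, and size caps chosen only for illustration. It checks every declared length against the real packet and caps total extension size and element count before decoding anything, so a malformed or hostile packet costs the receiver a handful of comparisons. It does not implement SRTP; as the comment says, the parser is meant to run only after authentication has already succeeded, otherwise every SDES value it returns is attacker-controlled.

```python
"""Bounded parser for SDES items in RTP one-byte header extensions.

Added example for this page, not code from the draft or its authors.
Assumes the RFC 8285 one-byte extension format (profile 0xBEDE) and a
constructed ID-to-URN mapping; the caps are assumptions for illustration.
"""
import struct

ONE_BYTE_PROFILE = 0xBEDE
MAX_EXT_BYTES = 256   # assumption: refuse extensions longer than this
MAX_ITEMS = 16        # assumption: refuse more than this many elements

# Constructed stand-in for what SDP negotiation would have produced.
SDES_ID_MAP = {1: "urn:ietf:params:rtp-hdrext:sdes:cname"}


class RtpParseError(ValueError):
    """Raised for any packet the parser refuses; nothing is decoded first."""


def parse_header_extensions(packet, max_ext_bytes=MAX_EXT_BYTES,
                            max_items=MAX_ITEMS):
    """Return {id: bytes} for the one-byte extension elements of a packet.

    Run only on packets that already passed SRTP authentication (not shown);
    otherwise every value returned here is attacker-controlled.
    """
    if len(packet) < 12:
        raise RtpParseError("short fixed header")
    b0 = packet[0]
    if b0 >> 6 != 2:
        raise RtpParseError("not RTP version 2")
    has_ext = bool(b0 & 0x10)
    offset = 12 + 4 * (b0 & 0x0F)          # skip the CSRC list
    if len(packet) < offset:
        raise RtpParseError("CSRC list exceeds packet")
    if not has_ext:
        return {}
    if len(packet) < offset + 4:
        raise RtpParseError("extension header truncated")
    profile, words = struct.unpack_from("!HH", packet, offset)
    if profile != ONE_BYTE_PROFILE:
        raise RtpParseError("unsupported extension profile 0x%04x" % profile)
    ext_len = words * 4
    if ext_len > max_ext_bytes:                 # cap before touching data
        raise RtpParseError("extension of %d bytes exceeds cap" % ext_len)
    start, end = offset + 4, offset + 4 + ext_len
    if end > len(packet):
        raise RtpParseError("declared extension length exceeds packet")

    items, pos = {}, start
    while pos < end:
        byte = packet[pos]
        if byte == 0:                # padding byte between elements
            pos += 1
            continue
        ident, length = byte >> 4, (byte & 0x0F) + 1
        if ident == 15:              # reserved ID: stop processing
            break
        pos += 1
        if pos + length > end:
            raise RtpParseError("element %d runs past extension" % ident)
        if len(items) >= max_items:
            raise RtpParseError("too many extension elements")
        items[ident] = bytes(packet[pos:pos + length])
        pos += length
    return items


def decode_sdes(items, id_map=SDES_ID_MAP):
    """Map parsed elements to SDES URNs, decoding values as UTF-8 text."""
    sdes = {}
    for ident, urn in id_map.items():
        if ident in items:
            try:
                sdes[urn] = items[ident].decode("utf-8")
            except UnicodeDecodeError:
                raise RtpParseError("SDES item %d is not UTF-8" % ident)
    return sdes


def build_packet(items, payload=b""):
    """Construct a minimal RTP packet (X=1, CC=0) carrying the elements."""
    ext = bytearray()
    for ident, data in items.items():
        ext.append((ident << 4) | (len(data) - 1))
        ext += data
    while len(ext) % 4:
        ext.append(0)
    fixed = bytes([0x90, 96]) + struct.pack("!HII", 1, 0, 0x11223344)
    ext_hdr = struct.pack("!HH", ONE_BYTE_PROFILE, len(ext) // 4)
    return fixed + ext_hdr + bytes(ext) + payload


def rejects(packet):
    """True if the parser refuses the packet (exercises the bounds checks)."""
    try:
        parse_header_extensions(packet)
    except RtpParseError:
        return True
    return False


if __name__ == "__main__":
    pkt = build_packet({1: b"user@example.com"})
    print(decode_sdes(parse_header_extensions(pkt)))
    print(rejects(pkt[:-6]))     # extension truncated: refused
```

The reflector half of the reviewer's question is not something a parser can answer; it depends on whether the receiver ever sends anything in response to an unauthenticated packet, which is a protocol and deployment question rather than a parsing one.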