Re: [secdir] sec-dir review of draft-ietf-payload-rtp-opus-08

Roni Even <roni.even@mail01.huawei.com> Thu, 19 February 2015 05:30 UTC

From: Roni Even <roni.even@mail01.huawei.com>
To: Jean-Marc Valin <jmvalin@mozilla.com>, Derek Atkins <derek@ihtfp.com>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Date: Thu, 19 Feb 2015 05:26:33 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/0XQpYFsqU4Oh84kjxB2MDPNiCVU>
Cc: "koenvos74@gmail.com" <koenvos74@gmail.com>, "jspittka@gmail.com" <jspittka@gmail.com>, "payload-chairs@tools.ietf.org" <payload-chairs@tools.ietf.org>

Hi,
The reason for the MAY is discussed in RFC 7201 and RFC 7202; it can be a SHOULD, and these RFCs explain when it is not required to use SRTP.
Maybe add a reference to these RFCs in the security section when talking about good reasons for not using SRTP.

Roni Even

________________________________________
From: Jean-Marc Valin [jvalin@mozilla.com] on behalf of Jean-Marc Valin [jmvalin@mozilla.com]
Sent: Tuesday, February 17, 2015 10:23 PM
To: Derek Atkins; iesg@ietf.org; secdir@ietf.org
Cc: payload-chairs@tools.ietf.org; koenvos74@gmail.com; jspittka@gmail.com
Subject: Re: sec-dir review of draft-ietf-payload-rtp-opus-08

Hi Derek,

There was no particular reason for the MAY, the text was merely copied
from other RTP payload RFC. I totally agree with making it a SHOULD.

Thanks,

        Jean-Marc

On 17/02/15 02:54 PM, Derek Atkins wrote:
> Hi,
>
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written with the intent of improving
> security requirements and considerations in IETF drafts.  Comments
> not addressed in last call may be included in AD reviews during the
> IESG review.  Document editors and WG chairs should treat these
> comments just like any other last call comments.
>
> Summary:
>
> Ready to publish with a question: I question why the use of SRTP is a
> MAY and not a SHOULD (as detailed in the Security Considerations
> section).  Considering PERPASS I believe this should be a SHOULD;
> someone should have a very good reason why they are NOT using SRTP.
>
> Details:
>
>    This document defines the Real-time Transport Protocol (RTP) payload
>    format for packetization of Opus encoded speech and audio data
>    necessary to integrate the codec in the most compatible way.
>    Further, it describes media type registrations for the RTP payload
>    format.
>
> I have no other comments on this document.
>
> -derek
>