[secdir] Fwd: SecDir review of draft-ietf-mmusic-msid-13

Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> Mon, 16 May 2016 12:07 UTC

Return-Path: <rifaat.ietf@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DEC012D55C; Mon, 16 May 2016 05:07:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ORgEO2GV00EH; Mon, 16 May 2016 05:07:53 -0700 (PDT)
Received: from mail-vk0-x22b.google.com (mail-vk0-x22b.google.com [IPv6:2607:f8b0:400c:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3CD012D174; Mon, 16 May 2016 05:07:53 -0700 (PDT)
Received: by mail-vk0-x22b.google.com with SMTP id s184so209749562vkb.3; Mon, 16 May 2016 05:07:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=Ba5PQ+wmyMRhn7kIB8P/lUeh6yaaxiwndDAxsFbqQ6I=; b=uVCqJt4zYUQBWqk6rc4Pm9MFYzjb2RlPVAR5izPw8jfvdNOfAAYabrdVINT8cjAsAv jVBw36XqW2BS5UBi1eTXL5oZsVqSrTSOoASe8/cQMddStUeV+SroQpv496TfBv11on0c r0HKI/5J3mavjOykw6vaol3LJfMz3cJQHv8RhIEDItk+3v21D300DGEg6cZ+TkwvCMkw HhQWgAOCGiiTIMYgvZoJv+LLtO32lD+l0emycJNa08cdhJUiZvcZRQgKpzBcwXx35Og1 h+B0YJcnr8LWLKbzELXBLUJBvUGb/PEGD6+JPQ3KBxrBcmpysnKKZuGDtr5Hf5iG/QiQ nNkw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=Ba5PQ+wmyMRhn7kIB8P/lUeh6yaaxiwndDAxsFbqQ6I=; b=fgKw8OItldJKmb1NAbl832E5DEUtN737ug9m6Ag86tgGeqf619KP3TWt5UDi0fXEd1 gPxrz6fyV3ayKcsbcFkJ+FB2x/kRpdm/QsnEWdEXCZijdjeNGpC8/F/cvkWVMUDoXCSn Q4LyuWaWKEKUwqQzxy61lHOi20MH6K9MuCTA7Oa2B4j7/BFSh6gzqpD1K8kSqQy/rUKh BLHUF3e8xHxuRcozCynDwka2qEc4r5E3ma9+l/DMeMbMHV8O0SbBWZ7Wryn9P/vxf1Hh zCA6dUFVtKRkrviFqnqIcOnnsV623W70J04/+6R6r9u+nJ3Wl9wp6vmncRA6FdMYfYv6 Hg1g==
X-Gm-Message-State: AOPr4FXwCYB5vj51UIw46zO8Ns7zaNjAo3kqvNwImzM7mcLDXq4pHvfz6/+J3JFUN6JMDLMnmPr4rQujVeUO8A==
MIME-Version: 1.0
X-Received: by 10.176.0.202 with SMTP id 68mr6422172uaj.33.1463400472688; Mon, 16 May 2016 05:07:52 -0700 (PDT)
Received: by 10.176.7.101 with HTTP; Mon, 16 May 2016 05:07:52 -0700 (PDT)
In-Reply-To: <CAGL6epKpPLSMs=yAD1JSc5orxVY=KWmOkYahMzzYzCDwRpshZQ@mail.gmail.com>
References: <CAGL6epKpPLSMs=yAD1JSc5orxVY=KWmOkYahMzzYzCDwRpshZQ@mail.gmail.com>
Date: Mon, 16 May 2016 08:07:52 -0400
Message-ID: <CAGL6ep+DecTXoWH9e2i1oJG-krRrH0_gy1BLdwdEm+qSOwpqTw@mail.gmail.com>
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
To: draft-ietf-mmusic-msid.all@ietf.org
Content-Type: multipart/alternative; boundary=001a113e070656c0130532f479e6
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/0cfIdCaE1-Z0rm4qret8VcwXANg>
Cc: The IESG <iesg@ietf.org>, secdir@ietf.org
Subject: [secdir] Fwd: SecDir review of draft-ietf-mmusic-msid-13
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 May 2016 12:07:55 -0000

Re-sending because the original message bounced back (complaining about
draft-ietf-mmusic-msid-13.all@ietf.org email).

Regards,
 Rifaat



---------- Forwarded message ----------
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Date: Fri, May 13, 2016 at 10:38 AM
Subject: [secdir] SecDir review of draft-ietf-mmusic-msid-13
To: The IESG <iesg@ietf.org>rg>, secdir@ietf.org,
draft-ietf-mmusic-msid-13.all@ietf.org


I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Summary: *Ready*

This is a Standard Track document that defines an RTP media streams
grouping mechanism in SDP.

The Security Consideration section clearly describes the potential attacks
introduced by this new mechanism, and points out the general issue of SDP
modification by untrusted entities, and potential issue with the buffering
required by mechanism suggested by the draft.

Regards,
 Rifaat