[secdir] Fwd: SecDir review of draft-ietf-mmusic-msid-13
Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> Mon, 16 May 2016 12:07 UTC
Return-Path: <rifaat.ietf@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DEC012D55C; Mon, 16 May 2016 05:07:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ORgEO2GV00EH; Mon, 16 May 2016 05:07:53 -0700 (PDT)
Received: from mail-vk0-x22b.google.com (mail-vk0-x22b.google.com [IPv6:2607:f8b0:400c:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3CD012D174; Mon, 16 May 2016 05:07:53 -0700 (PDT)
Received: by mail-vk0-x22b.google.com with SMTP id s184so209749562vkb.3; Mon, 16 May 2016 05:07:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=Ba5PQ+wmyMRhn7kIB8P/lUeh6yaaxiwndDAxsFbqQ6I=; b=uVCqJt4zYUQBWqk6rc4Pm9MFYzjb2RlPVAR5izPw8jfvdNOfAAYabrdVINT8cjAsAv jVBw36XqW2BS5UBi1eTXL5oZsVqSrTSOoASe8/cQMddStUeV+SroQpv496TfBv11on0c r0HKI/5J3mavjOykw6vaol3LJfMz3cJQHv8RhIEDItk+3v21D300DGEg6cZ+TkwvCMkw HhQWgAOCGiiTIMYgvZoJv+LLtO32lD+l0emycJNa08cdhJUiZvcZRQgKpzBcwXx35Og1 h+B0YJcnr8LWLKbzELXBLUJBvUGb/PEGD6+JPQ3KBxrBcmpysnKKZuGDtr5Hf5iG/QiQ nNkw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=Ba5PQ+wmyMRhn7kIB8P/lUeh6yaaxiwndDAxsFbqQ6I=; b=fgKw8OItldJKmb1NAbl832E5DEUtN737ug9m6Ag86tgGeqf619KP3TWt5UDi0fXEd1 gPxrz6fyV3ayKcsbcFkJ+FB2x/kRpdm/QsnEWdEXCZijdjeNGpC8/F/cvkWVMUDoXCSn Q4LyuWaWKEKUwqQzxy61lHOi20MH6K9MuCTA7Oa2B4j7/BFSh6gzqpD1K8kSqQy/rUKh BLHUF3e8xHxuRcozCynDwka2qEc4r5E3ma9+l/DMeMbMHV8O0SbBWZ7Wryn9P/vxf1Hh zCA6dUFVtKRkrviFqnqIcOnnsV623W70J04/+6R6r9u+nJ3Wl9wp6vmncRA6FdMYfYv6 Hg1g==
X-Gm-Message-State: AOPr4FXwCYB5vj51UIw46zO8Ns7zaNjAo3kqvNwImzM7mcLDXq4pHvfz6/+J3JFUN6JMDLMnmPr4rQujVeUO8A==
MIME-Version: 1.0
X-Received: by 10.176.0.202 with SMTP id 68mr6422172uaj.33.1463400472688; Mon, 16 May 2016 05:07:52 -0700 (PDT)
Received: by 10.176.7.101 with HTTP; Mon, 16 May 2016 05:07:52 -0700 (PDT)
In-Reply-To: <CAGL6epKpPLSMs=yAD1JSc5orxVY=KWmOkYahMzzYzCDwRpshZQ@mail.gmail.com>
References: <CAGL6epKpPLSMs=yAD1JSc5orxVY=KWmOkYahMzzYzCDwRpshZQ@mail.gmail.com>
Date: Mon, 16 May 2016 08:07:52 -0400
Message-ID: <CAGL6ep+DecTXoWH9e2i1oJG-krRrH0_gy1BLdwdEm+qSOwpqTw@mail.gmail.com>
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
To: draft-ietf-mmusic-msid.all@ietf.org
Content-Type: multipart/alternative; boundary="001a113e070656c0130532f479e6"
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/0cfIdCaE1-Z0rm4qret8VcwXANg>
Cc: The IESG <iesg@ietf.org>, secdir@ietf.org
Subject: [secdir] Fwd: SecDir review of draft-ietf-mmusic-msid-13
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 May 2016 12:07:55 -0000
Re-sending because the original message bounced back (complaining about draft-ietf-mmusic-msid-13.all@ietf.org email). Regards, Rifaat ---------- Forwarded message ---------- From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> Date: Fri, May 13, 2016 at 10:38 AM Subject: [secdir] SecDir review of draft-ietf-mmusic-msid-13 To: The IESG <iesg@ietf.org>, secdir@ietf.org, draft-ietf-mmusic-msid-13.all@ietf.org I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. Summary: *Ready* This is a Standard Track document that defines an RTP media streams grouping mechanism in SDP. The Security Consideration section clearly describes the potential attacks introduced by this new mechanism, and points out the general issue of SDP modification by untrusted entities, and potential issue with the buffering required by mechanism suggested by the draft. Regards, Rifaat
- [secdir] SecDir review of draft-ietf-mmusic-msid-… Rifaat Shekh-Yusef
- [secdir] Fwd: SecDir review of draft-ietf-mmusic-… Rifaat Shekh-Yusef