Archive

Yes, this was the resolution as I recall.

-derek

Jean-Marc Valin <jmvalin@mozilla.com> writes:

> Based on Derek's latest suggestion, the text would become:
>
> "Since Opus does not provide any confidentiality or integrity
> protection, implementations SHOULD use one of the possible RTP
> Security methods (See RFC7201, RFC7202)."
>
> I think that should resolve the issue that was raised.
>
> 	Jean-Marc
>
> On 01/04/15 05:11 PM, Ben Campbell wrote:
>> Hi Roni and Derek,
>> 
>> This thread sort of tailed off in February. Has the discussion been
>> resolved?
>> 
>> Thanks!
>> 
>> Ben.
>> 
>> On 19 Feb 2015, at 11:07, Derek Atkins wrote:
>> 
>>> Roni,
>>> 
>>> I'm not an RTP guy.  To me "SRTP" is a general class of "Secure
>>> RTP" protocols.  So let's work on that as my starting point:
>>> implementations SHOULD protect their RTP stream.
>>> 
>>> Based on that, how about a re-wording here?  Instead of just
>>> saying "MAY use SRTP", how about something like "SHOULD use one
>>> of the possible RTP Security methods (See RFC7201, RFC7202)"?
>>> (Obviously this can be worded better).
>>> 
>>> -derek
>>> 
>>> Roni Even <roni.even@mail01.huawei.com> writes:
>>> 
>>>> Hi, The reason for the may is discussed in RFC7201 and RFC
>>>> 7202, it can be a SHOULD and these RFCs exaplain when it is not
>>>> required to use SRTP. Maybe add a reference to these RFCs in
>>>> the security section when saying talking about good reasons for
>>>> not using SRTP
>>>> 
>>>> Roni Even
>>>> 
>>>> ________________________________________ From: Jean-Marc Valin
>>>> [jvalin@mozilla.com] on behalf of Jean-Marc Valin
>>>> [jmvalin@mozilla.com] Sent: Tuesday, February 17, 2015 10:23
>>>> PM To: Derek Atkins; iesg@ietf.org; secdir@ietf.org Cc:
>>>> payload-chairs@tools.ietf.org; koenvos74@gmail.com;
>>>> jspittka@gmail.com Subject: Re: sec-dir review of
>>>> draft-ietf-payload-rtp-opus-08
>>>> 
>>>> Hi Derek,
>>>> 
>>>> There was no particular reason for the MAY, the text was merely
>>>> copied from other RTP payload RFC. I totally agree with making
>>>> it a SHOULD.
>>>> 
>>>> Thanks,
>>>> 
>>>> Jean-Marc
>>>> 
>>>> On 17/02/15 02:54 PM, Derek Atkins wrote:
>>>>> Hi,
>>>>> 
>>>>> I have reviewed this document as part of the security
>>>>> directorate's ongoing effort to review all IETF documents
>>>>> being processed by the IESG.  These comments were written
>>>>> with the intent of improving security requirements and
>>>>> considerations in IETF drafts.  Comments not addressed in
>>>>> last call may be included in AD reviews during the IESG
>>>>> review.  Document editors and WG chairs should treat these 
>>>>> comments just like any other last call comments.
>>>>> 
>>>>> Summary:
>>>>> 
>>>>> Ready to publish with a question: I question why the use of
>>>>> SRTP is a MAY and not a SHOULD (as detailed in the Security
>>>>> Considerations section).  Considering PERPASS I believe this
>>>>> should be a SHOULD; someone should have a very good reason
>>>>> why they are NOT using SRTP.
>>>>> 
>>>>> Details:
>>>>> 
>>>>> This document defines the Real-time Transport Protocol (RTP)
>>>>> payload format for packetization of Opus encoded speech and
>>>>> audio data necessary to integrate the codec in the most
>>>>> compatible way. Further, it describes media type
>>>>> registrations for the RTP payload format.
>>>>> 
>>>>> I have no other comments on this document.
>>>>> 
>>>>> -derek
>>>>> 
>>>> 
>>>> _______________________________________________ secdir mailing
>>>> list secdir@ietf.org 
>>>> https://www.ietf.org/mailman/listinfo/secdir wiki:
>>>> http://tools.ietf.org/area/sec/trac/wiki/SecDirReview
>>>> 
>>>> 
>>> 
>>> -- Derek Atkins                 617-623-3745 derek@ihtfp.com
>>> www.ihtfp.com Computer and Internet Security Consultant

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant

Re: [secdir] sec-dir review of draft-ietf-payload-rtp-opus-08