[secdir] SecDir review of draft-ietf-mmusic-msid-13

Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> Fri, 13 May 2016 14:38 UTC

Date: Fri, 13 May 2016 10:38:29 -0400
Message-ID: <CAGL6epKpPLSMs=yAD1JSc5orxVY=KWmOkYahMzzYzCDwRpshZQ@mail.gmail.com>
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
To: The IESG <iesg@ietf.org>, secdir@ietf.org, draft-ietf-mmusic-msid-13.all@ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/5xWgCd-2mBpnmjVtJNMTcowjX9I>

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Summary: *Ready*

This is a Standards Track document that defines an RTP media streams
grouping mechanism in SDP.

The Security Considerations section clearly describes the potential attacks
introduced by this new mechanism, and points out the general issue of SDP
modification by untrusted entities, and a potential issue with the buffering
required by the mechanism suggested by the draft.

Regards,
 Rifaat