Re: [secdir] Secdir review of draft-ietf-mmusic-duplication-grouping-03

"Ali C. Begen (abegen)" <abegen@cisco.com> Mon, 18 November 2013 15:25 UTC

From: "Ali C. Begen (abegen)" <abegen@cisco.com>
To: Vincent Roca <vincent.roca@inria.fr>
Date: Mon, 18 Nov 2013 15:22:33 +0000
Cc: "<draft-ietf-mmusic-duplication-grouping@tools.ietf.org>" <draft-ietf-mmusic-duplication-grouping@tools.ietf.org>, IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Secdir review of draft-ietf-mmusic-duplication-grouping-03

Hi Vincent,

On Nov 18, 2013, at 4:58 PM, Vincent Roca <vincent.roca@inria.fr> wrote:

> Hello,
> 
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors. Document editors and WG chairs should treat
> these comments just like any other last call comments.
> 
> IMHO, the document is Almost ready.
> 
> My main comment WRT this I-D is the following:
> 
> 1- There is no reference to RFC4566 (SDP) security section! This is a pity
> as the security considerations are very well addressed in this RFC, much
> better than in the present I-D I would say.
> Additionally, I don't think that adding duplication grouping to SDP changes
> so much the situation WRT SDP security, so this is one more reason to
> have this reference.

We can add this, no worries. I think we simply followed RFC 5888 in this section but your point is taken.

> 
> 
> Otherwise:
> 
> 2- The authors say that "there is a weak threat". Is the threat weak in the
> sense it is unlikely to happen (why?), or is it weak in the sense it will have
> limited consequences? In any case, I would be in favor of removing
> "weak" altogether.

It means it is unlikely to happen because if someone can modify the SDP for changing the grouping, they can actually do much worse things by changing other things.

> 
> 3- Since we are now all aware of the necessity of making pervasive
> monitoring more complex, it could be useful to say that having some
> confidentiality is recommended (in addition to integrity and authentication
> of course). This is not discussed in RFC4566 (but it was published in 2006),
> so it's worth mentioning it in this I-D (no need to say much).

Personally I don't think anything we say in this draft will have any impact in this regard but I can add this when doing the revision.

> 
> 
> Non security related comment:
> 
> 4- The [IC2011] reference should be updated. It's published, and the
> volume/number are now known.

Good point, I thought this was fixed. Thanks.

> 
> 
> Cheers,
> 
>    Vincent