[secdir] Secdir review of draft-ietf-xrblock-rtcp-xr-decodability-09

Catherine Meadows <catherine.meadows@nrl.navy.mil> Fri, 08 March 2013 23:45 UTC

Return-Path: <catherine.meadows@nrl.navy.mil>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B64F21F85A2; Fri, 8 Mar 2013 15:45:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QSQU2-DCA31e; Fri, 8 Mar 2013 15:45:29 -0800 (PST)
Received: from fw5540.nrl.navy.mil (fw5540.nrl.navy.mil [132.250.196.100]) by ietfa.amsl.com (Postfix) with ESMTP id E133921F859C; Fri, 8 Mar 2013 15:45:25 -0800 (PST)
Received: from chacs.nrl.navy.mil (sun1.fw5540.net [10.0.0.11]) by fw5540.nrl.navy.mil (8.14.4/8.13.6) with ESMTP id r28Nigbt006403; Fri, 8 Mar 2013 18:44:42 -0500
Received: from chacs.nrl.navy.mil (sun1 [10.0.0.11]) by chacs.nrl.navy.mil (8.13.8/8.13.6) with SMTP id r28NjNf5013636; Fri, 8 Mar 2013 18:45:23 -0500 (EST)
Received: from ashurbanipal.fw5540.net ([10.0.3.109]) by chacs.nrl.navy.mil (SMSSMTP 4.1.16.48) with SMTP id M2013030818452318813 ; Fri, 08 Mar 2013 18:45:23 -0500
From: Catherine Meadows <catherine.meadows@nrl.navy.mil>
Content-Type: multipart/alternative; boundary="Apple-Mail=_73B6F91F-790B-4457-B167-8774D6042900"
Date: Fri, 8 Mar 2013 18:45:22 -0500
Message-Id: <DAFCC994-5270-4E1D-B2EF-06D77A87BBE4@nrl.navy.mil>
To: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-xrblock-rtcp-xr-decodability.all@tools.ietf.org
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
X-Mailer: Apple Mail (2.1499)
Subject: [secdir] Secdir review of draft-ietf-xrblock-rtcp-xr-decodability-09
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Mar 2013 23:45:30 -0000

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This ID concerns a new RTP  Control Protocol Extended Report Block that reports decodability
statistics metrics for RTP applications using MPEG2 TS over RTP.   These are parameters necessary or helpful to
ensure that TS transmissions can be decoded.  This includes information
such as transport stream synchronization losses, sync byte errors, and continuity count errors,  and others,  apply to all MPEG2 applications.
The ID gives the format for each of the parameters in the Report Block.

The authors of the document point out in the Security Considerations section that the ID introduces no new security considerations
beyond those  described in RFC 3611.  RFC 3611 describes RTP Extended Reports Blocks in general.  The security considerations discussed
are that the information  in the Report Blocks, which are generally unencrypted, could reveal confidential information, and that an attacker
could possibly take advantage of the size of the Extended Report Blocks to launch a denial of service attack.  I agree that the Report Blocks described
in this ID to not introduce any security considerations beyond that, and thus do not believe that this ID needs any further  examination from
a security point of view.

Cathy

 
Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil