[secdir] Secdir review of draft-ietf-xrblock-rtcp-xr-decodability-09

Catherine Meadows <catherine.meadows@nrl.navy.mil> Fri, 08 March 2013 23:45 UTC

To: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-xrblock-rtcp-xr-decodability.all@tools.ietf.org

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This ID concerns a new RTP Control Protocol Extended Report Block that reports decodability
statistics metrics for RTP applications using MPEG2 TS over RTP. These are parameters necessary or helpful to
ensure that TS transmissions can be decoded. This includes information
such as transport stream synchronization losses, sync byte errors, continuity count errors, and others that apply to all MPEG2 applications.
The ID gives the format for each of the parameters in the Report Block.

The authors of the document point out in the Security Considerations section that the ID introduces no new security considerations
beyond those described in RFC 3611. RFC 3611 describes RTP Extended Reports Blocks in general. The security considerations discussed
are that the information in the Report Blocks, which are generally unencrypted, could reveal confidential information, and that an attacker
could possibly take advantage of the size of the Extended Report Blocks to launch a denial of service attack. I agree that the Report Blocks described
in this ID do not introduce any security considerations beyond that, and thus do not believe that this ID needs any further examination from
a security point of view.

Cathy

 
Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows@nrl.navy.mil