Re: [secdir] [payload] sec-dir review of draft-ietf-payload-rtp-opus-08

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 07 April 2015 15:59 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E05001B3726; Tue, 7 Apr 2015 08:59:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zeo2XUPdpx7t; Tue, 7 Apr 2015 08:59:41 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6E831B3723; Tue, 7 Apr 2015 08:59:40 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 679AEBE64; Tue, 7 Apr 2015 16:59:39 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7Il5B2vZx2p2; Tue, 7 Apr 2015 16:59:39 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 395E9BE57; Tue, 7 Apr 2015 16:59:39 +0100 (IST)
Message-ID: <5523FEEB.60000@cs.tcd.ie>
Date: Tue, 07 Apr 2015 16:59:39 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: Robert Sparks <rjsparks@nostrum.com>, Ben Campbell <ben@nostrum.com>, Derek Atkins <derek@ihtfp.com>
References: <sjmoaosz53h.fsf@securerf.ihtfp.org> <54E3A32F.2010008@jmvalin.ca> <760B7D45D1EFF74988DBF5C2122830C24D064CDE@szxpml507-mbx.exmail.huawei.com> <sjmk2zdzv6g.fsf@securerf.ihtfp.org> <916F29B3-E392-481B-A269-FBA58DFEF14D@nostrum.com> <551C612B.4030702@mozilla.com> <C3DD8EE5-B066-4C06-99F4-B9147A128811@nostrum.com> <C17AE3D5-F62D-42A3-9F1F-885BF1B984EB@nostrum.com> <551EFB9C.4040504@xiph.org> <sjmy4m5grwp.fsf@securerf.ihtfp.org> <269A06E2-6704-4E5E-BBFD-92F157639261@nostrum.com> <5522D40E.8040402@nostrum.com>
In-Reply-To: <5522D40E.8040402@nostrum.com>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/8BVWORkLW8rYC_XHqgjFyRH6YNY>
Cc: "secdir@ietf.org" <secdir@ietf.org>, payload@ietf.org, "jspittka@gmail.com" <jspittka@gmail.com>, "iesg@ietf.org" <iesg@ietf.org>, "payload-chairs@tools.ietf.org" <payload-chairs@tools.ietf.org>, "koenvos74@gmail.com" <koenvos74@gmail.com>
Subject: Re: [secdir] [payload] sec-dir review of draft-ietf-payload-rtp-opus-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Apr 2015 15:59:47 -0000

Hiya,

Sorry for coming late to this thread (#include <itwasaweekend.h> :-)

On 06/04/15 19:44, Robert Sparks wrote:
[...]
>>
>> I'm saying this is the wrong layer to solve the problem.
>>
>> We had some work planned to better specify this in general for RTP. I
>> think the right answer is finish that work. If we do that right, it
>> should apply regardless of codec.
>>
> That's exactly right.
> 
> We've had this conversation several times before. The individual payload
> documents are not the place to add the kind of guidance Derek is asking
> for. They should be about how you put things in RTP, not how
> applications use (and secure RTP), unless there's something unique about
> the payload that interacts with the general mechanics for using and
> securing RTP.

Robert is correct.

> Stephen will remember that we've queued up work on a document that would
> describe securing unicast RTP set up with SDP (capturing the outcome of
> the rtpsec bof at IETF68). The last I heard on the subject Dan Wing was
> taking the token to work on that document, but it's been awhile. That's
> where the effort should focus - an individual payload document is not
> the right place.

I do recall that now that you mention it. But if it's not actually
going to happen, then maybe we should rethink the approach, even if
that'd result in repeated text in payload format drafts.

Who knows the status of that work?

S.


> 
> 
>>
>> _______________________________________________
>> payload mailing list
>> payload@ietf.org
>> https://www.ietf.org/mailman/listinfo/payload
> 
> _______________________________________________
> secdir mailing list
> secdir@ietf.org
> https://www.ietf.org/mailman/listinfo/secdir
> wiki: http://tools.ietf.org/area/sec/trac/wiki/SecDirReview