Re: [secdir] [payload] sec-dir review of draft-ietf-payload-rtp-opus-08

"Timothy B. Terriberry" <tterribe@xiph.org> Fri, 03 April 2015 20:44 UTC

Return-Path: <tterribe@xiph.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 587251A0373; Fri, 3 Apr 2015 13:44:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.977
X-Spam-Level:
X-Spam-Status: No, score=-0.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_COM=0.311, SPF_FAIL=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rSU0VbJA4HsB; Fri, 3 Apr 2015 13:44:13 -0700 (PDT)
Received: from smtp.mozilla.org (mx2.scl3.mozilla.com [63.245.214.156]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CAB631A036C; Fri, 3 Apr 2015 13:44:13 -0700 (PDT)
Received: from localhost (localhost6.localdomain [127.0.0.1]) by mx2.mail.scl3.mozilla.com (Postfix) with ESMTP id 45D4CC1AC0; Fri, 3 Apr 2015 20:44:13 +0000 (UTC)
X-Virus-Scanned: amavisd-new at mozilla.org
Received: from smtp.mozilla.org ([127.0.0.1]) by localhost (mx2.mail.scl3.mozilla.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KqwpudNTvkqY; Fri, 3 Apr 2015 20:44:13 +0000 (UTC)
Received: from [10.252.25.225] (corp.mtv2.mozilla.com [63.245.221.32]) (Authenticated sender: tterriberry@mozilla.com) by mx2.mail.scl3.mozilla.com (Postfix) with ESMTPSA id 26771C15B4; Fri, 3 Apr 2015 20:44:13 +0000 (UTC)
Message-ID: <551EFB9C.4040504@xiph.org>
Date: Fri, 03 Apr 2015 13:44:12 -0700
From: "Timothy B. Terriberry" <tterribe@xiph.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:29.0) Gecko/20100101 SeaMonkey/2.26
MIME-Version: 1.0
To: Ben Campbell <ben@nostrum.com>, Jean-Marc Valin <jmvalin@mozilla.com>
References: <sjmoaosz53h.fsf@securerf.ihtfp.org> <54E3A32F.2010008@jmvalin.ca> <760B7D45D1EFF74988DBF5C2122830C24D064CDE@szxpml507-mbx.exmail.huawei.com> <sjmk2zdzv6g.fsf@securerf.ihtfp.org> <916F29B3-E392-481B-A269-FBA58DFEF14D@nostrum.com> <551C612B.4030702@mozilla.com> <C3DD8EE5-B066-4C06-99F4-B9147A128811@nostrum.com> <C17AE3D5-F62D-42A3-9F1F-885BF1B984EB@nostrum.com>
In-Reply-To: <C17AE3D5-F62D-42A3-9F1F-885BF1B984EB@nostrum.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/8M7La8hDorTV0Tq5R_FWhxyn1mw>
X-Mailman-Approved-At: Fri, 03 Apr 2015 13:46:32 -0700
Cc: "secdir@ietf.org" <secdir@ietf.org>, payload@ietf.org, "jspittka@gmail.com" <jspittka@gmail.com>, "iesg@ietf.org" <iesg@ietf.org>, "payload-chairs@tools.ietf.org" <payload-chairs@tools.ietf.org>, "koenvos74@gmail.com" <koenvos74@gmail.com>
Subject: Re: [secdir] [payload] sec-dir review of draft-ietf-payload-rtp-opus-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Apr 2015 20:44:15 -0000

Ben Campbell wrote:
>> So my suggestion would be something more to the effect of:
>>
>> "Opus does not provide any built-in confidentiality or integrity
>> protection. Protection requirements vary between RTP applications.
>> See RFC 7201 and RFC 7202 for a discussion.

This seems like reasonable text to me. I agree with the rationale that 
preceded it. As much as I want to see encryption everywhere, a payload 
format is not the right place to mandate it.