Re: [secdir] [payload] sec-dir review of draft-ietf-payload-rtp-opus-08

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Wed, 08 April 2015 00:12 UTC

From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Derek Atkins <derek@ihtfp.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/BLEUuRFWUJewRlrOq6nRfe-wBEw>
Cc: Roni Even <ron.even.tlv@gmail.com>, Jean-Marc Valin <jmvalin@mozilla.com>, "secdir@ietf.org" <secdir@ietf.org>, payload@ietf.org, jspittka@gmail.com, "iesg@ietf.org" <iesg@ietf.org>, payload-chairs@tools.ietf.org, koenvos74@gmail.com, Colin Perkins <csp@csperkins.org>, Robert Sparks <rjsparks@nostrum.com>

On Tue, Apr 7, 2015 at 10:42 AM, Derek Atkins <derek@ihtfp.com> wrote:

> Hi,
>
> Jean-Marc Valin <jmvalin@mozilla.com> writes:
>
> > Does anyone object to this earlier proposal?
> >
> > "Opus does not provide any built-in confidentiality or integrity
> > protection. Protection requirements vary between RTP applications. See
> > RFC 7201 and RFC 7202 for a discussion."
>

I'm okay with this text and did read the subsequent messages in this
thread.  Since there is a MAY already for session encryption, that's why we
were inserting a SHOULD.  I'm fine with getting rid of the RFC2119
language, but having some generic advice about RTP payloads.  Since there
is no draft ready or in the works to fix this problem where it should be
fixed, I do think it's a good idea to address the concern here and going
forward.  Once it's fixed in the right place, then references and text
changes going forward.

Thanks for the discussion on this.

Kathleen

>
> > If not, that's probably what should go in the RFC (assuming it works
> > for Kathleen Moriarty's DISCUSS too).
> >
> >       Jean-Marc
>
> It's not quite as strong a statement as I'd like to see, but if Kathleen
> is okay with it then I'm okay with it.
>
> -derek
>
> --
>        Derek Atkins                 617-623-3745
>        derek@ihtfp.com             www.ihtfp.com
>        Computer and Internet Security Consultant
>
>


-- 

Best regards,
Kathleen