[secdir] Secdir review of draft-ietf-avtcore-6222bis-03

Magnus Nyström <magnusn@gmail.com> Mon, 10 June 2013 06:37 UTC

To: "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-avtcore-6222bis@tools.ietf.org
Cc: "iesg@ietf.org" <iesg@ietf.org>

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments just
like any other last call comments.

This avtcore document describes a new method for generating unique RTCP
canonical names and obsoletes RFC 6222.
The Security Considerations section seems adequate to me.

(A few side comments:
- RFC 6222 is mentioned in several places (e.g., Section 1, Section 8).
Should it not also be a reference?
- In Section 4.2, it is stated that, if the RTP endpoint is in a
virtualized environment, then the MAC address may not be unique. In such
cases, the host shall use the other presented option for short-term
persistent RTP CNAMEs. I wonder if it is in general possible for an RTCP
endpoint to deterministically determine whether its MAC address is unique.
It is not in general possible for a process to detect whether it is running
in a virtualized OS.)

Thanks,
-- Magnus
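As an added illustration of the reviewer's point about Section 4.2 (example code written for this page, not taken from the draft or from the reviewer): an endpoint can at best rule out MAC addresses that are obviously synthetic, so treating the non-MAC option as the default is the safe choice. The specific form of the random option (96 CSPRNG bits, Base64 encoded to 16 characters) and the helper names are assumptions.

```python
import base64
import secrets
from typing import Optional


def mac_looks_globally_unique(mac: str) -> bool:
    """Heuristic only. Returns False for MACs that are obviously not unique
    hardware identifiers: all-zero, broadcast, or with the IEEE
    locally-administered (U/L) bit set, which container runtimes and many
    hypervisors set on synthetic NICs. A True result proves nothing: a guest
    NIC carrying a vendor OUI (e.g. VMware's 00:50:56) has the bit clear and
    passes, which is exactly the reviewer's point that a process cannot in
    general tell whether its MAC is unique."""
    octets = mac.lower().split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError(f"malformed MAC: {mac!r}")
    values = [int(o, 16) for o in octets]
    if values[0] & 0x02:            # U/L bit set -> locally administered
        return False
    if all(v == 0x00 for v in values) or all(v == 0xFF for v in values):
        return False
    return True


def random_short_term_cname() -> str:
    """Assumed form of the 'other option': 96 bits from a CSPRNG, Base64
    encoded to a 16-character ASCII string (12 bytes encode without padding)."""
    return base64.b64encode(secrets.token_bytes(12)).decode("ascii")


def choose_cname_source(mac: Optional[str]) -> str:
    """Decide which option an endpoint should take. Because the MAC check can
    only detect obvious non-uniqueness, the random option is the safe default;
    the MAC is used only when present and not obviously synthetic."""
    if mac is None:
        return "random"
    try:
        return "mac" if mac_looks_globally_unique(mac) else "random"
    except ValueError:
        return "random"
```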