[secdir] Secdir last call review of draft-ietf-payload-tsvcis-03
Catherine Meadows via Datatracker <firstname.lastname@example.org> Thu, 10 October 2019 22:01 UTC
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 300AA120115; Thu, 10 Oct 2019 15:01:42 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
From: Catherine Meadows via Datatracker <email@example.com>
Cc: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org
Reply-To: Catherine Meadows <email@example.com>
Date: Thu, 10 Oct 2019 15:01:42 -0700
Subject: [secdir] Secdir last call review of draft-ietf-payload-tsvcis-03
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:firstname.lastname@example.org?subject=unsubscribe>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:email@example.com?subject=subscribe>
X-List-Received-Date: Thu, 10 Oct 2019 22:01:49 -0000
Reviewer: Catherine Meadows Review result: Has Nits I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes a payload format for the Tactical Secure Voice Cryptographic Interoperability Specification (TSVCIS) speech coder data when it is sent over RTP. The security considerations section is very thorough. The authors point out the appropriate RTP RFC’s for relevant security considerations, and also discuss the likelihood of the TSVCIS data being used to launch a denial of service attack. There are two places where I think things should be further clarified. I believe these count more as nits than issues. 1. This RTP payload format and the TSVCIS decoder do not exhibit any significant non-uniformity in the receiver-side computational complexity for packet processing How do you conclude that they do not have any significant non-uniformity? I would recommend either providing a reference or some other evidence, or qualify it somehow, e.g. “To the best of our knowledge, …” or “in our experience ..” 2. The relevance of the last sentence, about VAD and its effect on bitrates, is not clear. I would recommend adding a sentence explaining that. You should also spell out VAD as well as give the acronym.
- [secdir] Secdir last call review of draft-ietf-pa… Catherine Meadows via Datatracker