[secdir] Secdir last call review of draft-ietf-payload-tsvcis-03

Catherine Meadows via Datatracker <noreply@ietf.org> Thu, 10 October 2019 22:01 UTC

From: Catherine Meadows via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: ietf@ietf.org, avt@ietf.org, draft-ietf-payload-tsvcis.all@ietf.org
Reply-To: Catherine Meadows <catherine.meadows@nrl.navy.mil>
Message-ID: <157074490209.20360.17786614202331955424@ietfa.amsl.com>
Date: Thu, 10 Oct 2019 15:01:42 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Ght99XgkKPESZ8f4KOxhM7oX-g8>
Subject: [secdir] Secdir last call review of draft-ietf-payload-tsvcis-03

Reviewer: Catherine Meadows
Review result: Has Nits

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document describes a payload format for the Tactical Secure Voice
Cryptographic Interoperability Specification (TSVCIS) speech coder data when it
is sent over RTP.

The security considerations section is very thorough.  The authors point out
the appropriate RTP RFCs for relevant security considerations, and also
discuss the likelihood of the TSVCIS data being used to launch a denial of
service attack.

There are two places where I think things should be further clarified.  I
believe these count more as nits than issues.

1. This RTP payload format and the TSVCIS decoder do not exhibit any
 significant non-uniformity in the receiver-side computational
 complexity for packet processing

How do you conclude that they do not have any significant non-uniformity?
I would recommend either providing a reference or some other evidence,
or qualifying it somehow, e.g. “To the best of our knowledge, …” or “in our
experience …”

2. The relevance of the last sentence, about VAD and its effect on bitrates,
is not clear.  I would recommend adding a sentence explaining that.  You should
also spell out VAD as well as give the acronym.