[secdir] secdir review of draft-ietf-mmusic-mux-exclusive-08

"Scott G. Kelly" <scott@hyperthought.com> Mon, 11 July 2016 23:45 UTC

Return-Path: <scott@hyperthought.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B45012D1A1 for <secdir@ietfa.amsl.com>; Mon, 11 Jul 2016 16:45:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZJyzwA3MycaW for <secdir@ietfa.amsl.com>; Mon, 11 Jul 2016 16:45:01 -0700 (PDT)
Received: from smtp122.iad3a.emailsrvr.com (smtp122.iad3a.emailsrvr.com [173.203.187.122]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9683B12D0E1 for <secdir@ietf.org>; Mon, 11 Jul 2016 16:45:00 -0700 (PDT)
Received: from smtp8.relay.iad3a.emailsrvr.com (localhost.localdomain [127.0.0.1]) by smtp8.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 834B3380239; Mon, 11 Jul 2016 19:44:55 -0400 (EDT)
Received: from app20.wa-webapps.iad3a (relay-webapps.rsapps.net [172.27.255.140]) by smtp8.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 798573800F6; Mon, 11 Jul 2016 19:44:55 -0400 (EDT)
X-Sender-Id: scott@hyperthought.com
Received: from app20.wa-webapps.iad3a (relay-webapps.rsapps.net [172.27.255.140]) by 0.0.0.0:25 (trex/5.5.4); Mon, 11 Jul 2016 19:44:55 -0400
Received: from hyperthought.com (localhost [127.0.0.1]) by app20.wa-webapps.iad3a (Postfix) with ESMTP id 6A24DE1801; Mon, 11 Jul 2016 19:44:55 -0400 (EDT)
Received: by apps.rackspace.com (Authenticated sender: scott@hyperthought.com, from: scott@hyperthought.com) with HTTP; Mon, 11 Jul 2016 16:44:55 -0700 (PDT)
Date: Mon, 11 Jul 2016 16:44:55 -0700 (PDT)
From: "Scott G. Kelly" <scott@hyperthought.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, draft-ietf-mmusic-mux-exclusive.all@ietf.org
MIME-Version: 1.0
Content-Type: text/plain;charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Importance: Normal
X-Priority: 3 (Normal)
X-Type: plain
X-Auth-ID: scott@hyperthought.com
Message-ID: <1468280695.41981082@apps.rackspace.com>
X-Mailer: webmail/12.5.1-RC
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/HpVDFntTzrdbu5BXUFsIw5M3AwM>
Subject: [secdir] secdir review of draft-ietf-mmusic-mux-exclusive-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jul 2016 23:45:02 -0000

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

My apologies for being a few days late with the review.

From the document abstract: 

   This document defines a new SDP media-level attribute, 'rtcp-mux-
   only', that can be used by an endpoint to indicate exclusive support
   of RTP/RTCP multiplexing.  The document also updates RFC 5761, by
   clarifying that an offerer can use a mechanism to indicate that it is
   not able to send and receive RTCP on separate ports.

The security considerations section says this introduces no new security considerations in addition to those specified in [RFC3605] and [RFC5761]. (Actually, it says "in additions", so that should be corrected).

I agree, I see no new issues.

--Scott