[secdir] Secdir review of draft-ietf-avtcore-multi-media-rtp-session-10

"Christian Huitema" <huitema@huitema.net> Mon, 07 December 2015 03:43 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35AE81B2D36 for <secdir@ietfa.amsl.com>; Sun, 6 Dec 2015 19:43:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cSkpvDRD6hpl for <secdir@ietfa.amsl.com>; Sun, 6 Dec 2015 19:43:18 -0800 (PST)
Received: from xsmtp11.mail2web.com (xsmtp11.mail2web.com [168.144.250.181]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 384051B2D37 for <secdir@ietf.org>; Sun, 6 Dec 2015 19:43:17 -0800 (PST)
Received: from [10.5.2.14] (helo=xmail04.myhosting.com) by xsmtp11.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1a5mhn-0000c8-7J for secdir@ietf.org; Sun, 06 Dec 2015 22:43:15 -0500
Received: (qmail 9994 invoked from network); 7 Dec 2015 03:43:14 -0000
Received: from unknown (HELO huitema1) (Authenticated-user:_huitema@huitema.net@[24.16.156.113]) (envelope-sender <huitema@huitema.net>) by xmail04.myhosting.com (qmail-ldap-1.03) with ESMTPA for <draft-ietf-avtcore-multi-media-rtp-session.all@ietf.org>; 7 Dec 2015 03:43:14 -0000
From: "Christian Huitema" <huitema@huitema.net>
To: <iesg@ietf.org>, <draft-ietf-avtcore-multi-media-rtp-session.all@ietf.org>
Date: Sun, 6 Dec 2015 19:43:59 -0800
Message-ID: <063201d130a1$82b0fc80$8812f580$@huitema.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AdEwoGBzhx8ZBs9KRnGm/M3+7Iybvg==
Content-Language: en-us
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/J_bPVxxtdR2kHXujGMH52DSNffA>
Cc: 'secdir' <secdir@ietf.org>
Subject: [secdir] Secdir review of draft-ietf-avtcore-multi-media-rtp-session-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Dec 2015 03:43:19 -0000

I reviewed this document as part of the Security Directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the Security Area
Directors.  Document authors, document editors, and WG chairs should
treat these comments just like any other IETF Last Call comments.

Version reviewed: draft-ietf-avtcore-multi-media-rtp-session-10

Summary: Ready

The draft proposes to allow RTP streams to carry multiple media streams, 
relaxing the opposite requirement expressed in RFC 3550 and RFC 3551. 
The draft is well written and easy to understand, from the motivation of 
easier session establishment to the various details of RTP that have 
to be taken care of.

The security session addresses the main security implication of carrying
multiple media in a single stream. Whereas previous each media could be
secured independently, all media multiplexed on a single stream will share 
the same security protections. This can be positive if the security of all
meets the most stringent requirement, or negative if the implementers
picked a lowest common denominator. I don't believe that there is much 
of a practical concern there.

Note: I mistakenly sent previously a review for 
draft-westerlund-avtcore-multi-media-rtp-session-11, the version of
this draft before WG adoption. The final version contains many improvements,

but the security considerations are unchanged.

-- Christian Huitema