Re: [secdir] Secdir review of draft-ietf-payload-rtp-aptx-04

"John Lindsay", Tue, 21 January 2014 12:20 UTC


Firstly, apologies for the delay in replying; this is the first RFC draft
I have been involved with and I was not sure of the process.
You are correct: the codec is a constant bit rate encoder and hence not
vulnerable to the methods described in the
draft-ietf-avtcore-srtp-vbr-audio document.

If it's felt necessary, a note to this effect can be added to the security
considerations section.



-----Original Message-----
From: Tero Kivinen
Sent: 05 December 2013 12:47
Subject: Secdir review of draft-ietf-payload-rtp-aptx-04

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

This document describes how to transmit proprietary audio codec
algorithms standard apt-X and enhanced apt-X in the RTP. The document
has security considerations section which seems to be OK.

If I have understood correctly, the codec is a constant bit rate codec,
thus it is not vulnerable to the traffic analysis attacks described for
example in the draft-ietf-avtcore-srtp-vbr-audio document. Perhaps the
security considerations section could note that these codecs are not
vulnerable to those attacks (if that is indeed true).