Re: [secdir] [payload] sec-dir review of draft-ietf-payload-rtp-opus-08

Robert Sparks <> Mon, 06 April 2015 18:44 UTC

Date: Mon, 06 Apr 2015 13:44:30 -0500
From: Robert Sparks <>
To: Ben Campbell <>, Derek Atkins <>

inline (particularly for Derek)

On 4/6/15 11:13 AM, Ben Campbell wrote:
> On 6 Apr 2015, at 11:09, Derek Atkins wrote:
>> "Timothy B. Terriberry" <> writes:
>>> Ben Campbell wrote:
>>>>> So my suggestion would be something more to the effect of:
>>>>> "Opus does not provide any built-in confidentiality or integrity
>>>>> protection. Protection requirements vary between RTP applications.
>>>>> See RFC 7201 and RFC 7202 for a discussion."
>>> This seems like reasonable text to me. I agree with the rationale that
>>> preceded it. As much as I want to see encryption everywhere, a payload
>>> format is not the right place to mandate it.
>> As was stated already in this thread, the expected follow up drafts for
>> MTI security have not been written.
>> I leave it up to the Security ADs who have the real power here, but I
>> still prefer my original wording (including the SHOULD).
>> I understand your reluctance because it's a codec, but it's the first
>> codec to get through the process since the Perpass work, which basically
>> says "everything should be encrypted."  Since you cannot go back in time
>> to modify the existing RFCs, you can augment them going forward by other
>> additions.
>> As for the concern about "different security requirements for different
>> codecs", frankly I don't buy that argument.  Either your RTP application
>> supports security or it doesn't.  Once it does, it should be able to
>> negotiate that alongside the codec negotiation.  So I don't see the
>> concern -- we're not mandating a specific security technology, just that
>> you SHOULD use one.  Well, that's true regardless of the codec, isn't
>> it?
>> Or are you really saying "We don't care about security.  We just want to
>> be able to use this codec in existing, insecure RTP applications without
>> adding new security measures"?
> I'm saying this is the wrong layer to solve the problem.
> We had some work planned to better specify this in general for RTP. I 
> think the right answer is finish that work. If we do that right, it 
> should apply regardless of codec.
That's exactly right.

We've had this conversation several times before. The individual payload 
documents are not the place to add the kind of guidance Derek is asking 
for. They should be about how you put things in RTP, not how 
applications use (and secure) RTP, unless there's something unique about 
the payload that interacts with the general mechanics for using and 
securing RTP.

Stephen will remember that we've queued up work on a document that would 
describe securing unicast RTP set up with SDP (capturing the outcome of 
the rtpsec bof at IETF68). The last I heard on the subject Dan Wing was 
taking the token to work on that document, but it's been a while. That's 
where the effort should focus - an individual payload document is not 
the right place.
