[secdir] Secdir review of draft-ietf-mmusic-duplication-grouping-03

Vincent Roca <vincent.roca@inria.fr> Mon, 18 November 2013 15:03 UTC

From: Vincent Roca <vincent.roca@inria.fr>
Date: Mon, 18 Nov 2013 15:58:04 +0100
To: IESG <iesg@ietf.org>, draft-ietf-mmusic-duplication-grouping@tools.ietf.org, secdir@ietf.org

Hello,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

IMHO, the document is Almost ready.

My main comment WRT this I-D is the following:

1- There is no reference to the RFC4566 (SDP) security section! This is a pity
as the security considerations are very well addressed in this RFC, much
better than in the present I-D I would say.
Additionally, I don't think that adding duplication grouping to SDP changes
so much the situation WRT SDP security, so this is one more reason to
have this reference.


Otherwise:

2- The authors say that "there is a weak threat". Is the threat weak in the
sense it is unlikely to happen (why?), or is it weak in the sense it will have
limited consequences? In any case, I would be in favor of removing
"weak" altogether.

3- Since we are now all aware of the necessity of making pervasive
monitoring more complex, it could be useful to say that having some
confidentiality is recommended (in addition to integrity and authentication
of course). This is not discussed in RFC4566 (but it was published in 2006),
so it's worth mentioning it in this I-D (no need to say much).


Non security related comment:

4- The [IC2011] reference should be updated. It's published, and the
volume/number are now known.


Cheers,

   Vincent