Re: [secdir] Secdir review of draft-ietf-avtcore-6222bis-03

"Ali C. Begen (abegen)" <abegen@cisco.com> Mon, 10 June 2013 13:30 UTC

From: "Ali C. Begen (abegen)" <abegen@cisco.com>
To: Magnus Nyström <magnusn@gmail.com>
Date: Mon, 10 Jun 2013 13:30:08 +0000
Message-ID: <C15918F2FCDA0243A7C919DA7C4BE9940D12D493@xmb-aln-x01.cisco.com>
References: <CADajj4ZpeOL07XDHoB-rRxunu=fkV_ZJunXqSGZ9rmBGuoKM=g@mail.gmail.com>
In-Reply-To: <CADajj4ZpeOL07XDHoB-rRxunu=fkV_ZJunXqSGZ9rmBGuoKM=g@mail.gmail.com>
Cc: "<draft-ietf-avtcore-6222bis@tools.ietf.org>" <draft-ietf-avtcore-6222bis@tools.ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] Secdir review of draft-ietf-avtcore-6222bis-03

On Jun 10, 2013, at 9:37 AM, Magnus Nyström <magnusn@gmail.com> wrote:

> I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  

Thanks.

> These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.
> This avtcore document describes a new method for generating unique RTCP canonical names and obsoletes RFC 6222.
> 
> The Security Considerations section seems adequate to me.
> 
> (A few side comments: 
> - RFC 6222 is mentioned in several places (e.g., Section 1, Section 8). Should it not also be a reference?

I don't think it should, as we are not requiring something from 6222. We are simply mentioning it to emphasize what 6222 did and what this document is doing.

> - In Section 4.2, it is stated that, if the RTP endpoint is in a virtualized environment, then the MAC address may not be unique. In such cases, the host shall use the other presented option for short-term persistent RTP CNAMEs. I wonder if it in general is possible for an RTCP endpoint to deterministically determine if its MAC address is unique? It is not in general possible for a process to detect if it is running in a virtualized OS.)

I am not sure about this (i.e., I do not know how easy it is for a program to determine whether it is in a virtual system or not). I think if a program is likely to be in a virtual OS, it can simply default to the other option.

> 
> Thanks,
> -- Magnus
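An added illustration of the uniqueness point discussed above (example code written for this page, not taken from the draft or its authors). It assumes a 96-bit value base64-encoded to 16 characters, and a hypothetical MAC-derived variant; the draft's exact construction is not reproduced. It shows why a MAC-derived CNAME collides across cloned virtual endpoints while a CSPRNG-derived one does not.

```python
import base64
import hashlib
import os

# Assumption for this illustration: a 96-bit value encoded with base64,
# which yields a 16-character RTCP CNAME. The draft's own procedure is not
# reproduced here.


def cname_from_random() -> str:
    """Derive a CNAME from 96 bits of CSPRNG output (os.urandom)."""
    return base64.b64encode(os.urandom(12)).decode("ascii")


def cname_from_mac(mac: str) -> str:
    """Hypothetical MAC-derived variant: SHA-256 of the normalised MAC,
    truncated to 96 bits and base64-encoded. Any two endpoints that
    present the same MAC (e.g. VMs cloned from one image) collide."""
    norm = mac.lower().replace("-", ":")
    digest = hashlib.sha256(norm.encode("ascii")).digest()[:12]
    return base64.b64encode(digest).decode("ascii")


def collisions(cnames) -> set:
    """Return the CNAME values that more than one endpoint ended up with."""
    seen, dup = set(), set()
    for c in cnames:
        (dup if c in seen else seen).add(c)
    return dup


# Constructed sample (documentation MAC range): three virtual endpoints,
# two of which were cloned from the same image and report the same MAC.
SAMPLE_MACS = ["00:00:5e:00:53:01", "00:00:5e:00:53:01", "00:00:5e:00:53:02"]


def demo():
    """Compare collision behaviour of the two derivations on the sample."""
    mac_based = [cname_from_mac(m) for m in SAMPLE_MACS]
    random_based = [cname_from_random() for _ in SAMPLE_MACS]
    return collisions(mac_based), collisions(random_based)


if __name__ == "__main__":
    mac_dups, rnd_dups = demo()
    print("MAC-derived duplicates:", mac_dups)
    print("random-derived duplicates:", rnd_dups)
```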