[secdir] Security review of draft-ietf-avtext-rid-04

"Hilarie Orman" <hilarie@purplestreak.com> Tue, 09 August 2016 06:03 UTC

Return-Path: <hilarie@purplestreak.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 9CACF12B075; Mon, 8 Aug 2016 23:03:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id WFPF_SFIoUXA; Mon, 8 Aug 2016 23:03:42 -0700 (PDT)
Received: from out03.mta.xmission.com (out03.mta.xmission.com []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89CC812B062; Mon, 8 Aug 2016 23:03:42 -0700 (PDT)
Received: from in01.mta.xmission.com ([]) by out03.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from <hilarie@purplestreak.com>) id 1bX08a-0007cr-Vu; Tue, 09 Aug 2016 00:03:41 -0600
Received: from [] (helo=rumpleteazer.rhmr.com) by in01.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.87) (envelope-from <hilarie@purplestreak.com>) id 1bX08a-0003IZ-4f; Tue, 09 Aug 2016 00:03:40 -0600
Received: from rumpleteazer.rhmr.com (localhost []) by rumpleteazer.rhmr.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id u7962nSk025111; Tue, 9 Aug 2016 00:02:49 -0600
Received: (from hilarie@localhost) by rumpleteazer.rhmr.com (8.14.4/8.14.4/Submit) id u7962mQc025110; Tue, 9 Aug 2016 00:02:48 -0600
Date: Tue, 09 Aug 2016 00:02:48 -0600
Message-Id: <201608090602.u7962mQc025110@rumpleteazer.rhmr.com>
From: Hilarie Orman <hilarie@purplestreak.com>
To: iesg@ietf.org
X-XM-SPF: eid=1bX08a-0003IZ-4f; ; ; mid=<201608090602.u7962mQc025110@rumpleteazer.rhmr.com>; ; ; hst=in01.mta.xmission.com; ; ; ip=; ; ; frm=hilarie@purplestreak.com; ; ; spf=none
X-XM-AID: U2FsdGVkX1/idD172fKFEnYK/1QDBR8f
X-SA-Exim-Mail-From: hilarie@purplestreak.com
X-Spam-DCC: XMission; sa06 1397; Body=1 Fuz1=1 Fuz2=1
X-Spam-Combo: ***;iesg@ietf.org
X-Spam-Timing: total 397 ms - load_scoreonly_sql: 0.06 (0.0%), signal_user_changed: 4.5 (1.1%), b_tie_ro: 3.3 (0.8%), parse: 3.1 (0.8%), extract_message_metadata: 8 (1.9%), get_uri_detail_list: 1.52 (0.4%), tests_pri_-1000: 4.1 (1.0%), tests_pri_-950: 1.50 (0.4%), tests_pri_-900: 1.18 (0.3%), tests_pri_-400: 24 (6.0%), check_bayes: 22 (5.6%), b_tokenize: 6 (1.5%), b_tok_get_all: 7 (1.6%), b_comp_prob: 2.8 (0.7%), b_tok_touch_all: 3.2 (0.8%), b_finish: 1.26 (0.3%), tests_pri_0: 341 (85.9%), check_dkim_signature: 0.79 (0.2%), check_dkim_adsp: 44 (11.0%), tests_pri_500: 6 (1.5%), rewrite_mail: 0.00 (0.0%)
X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600)
X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com)
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/SvxeSHsSLrA5ytoaCG9NiRlVRAU>
Cc: draft-ietf-avtext-rid.all@tools.ietf.org, secdir@ietf.org
Subject: [secdir] Security review of draft-ietf-avtext-rid-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: Hilarie Orman <hilarie@purplestreak.com>
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Aug 2016 06:03:43 -0000

Security review of
RTP Stream Identifier Source Description (SDES)

Do not be alarmed.  I have reviewed this document as part of the
security directorate's ongoing effort to review all IETF documents
being processed by the IESG.  These comments were written primarily
for the benefit of the security area directors.  Document editors and
WG chairs should treat these comments just like any other last call

We begin by quoting from the document:

   This document defines and registers two new RTCP SDES items.  One,
   named RtpStreamId, is used for unique identification of RTP streams.
   The other, RepairedRtpStreamId, can be used to identify which stream
   a redundancy RTP stream is to be used to repair.

Security considerations:
   The actual identifiers used for RtpStreamIds (and therefore
   RepairedRtpStreamIds) are expected to be opaque."

"Opaque" seems to mean "no one cares what it is."  Nonetheless, a
protocol should give some guidance about this.  Taking the value from
a global 64-bit counter, for example, could leak information about the
global state of the machine.  Having a short counter for each session
with a starting value of 0 would probably be OK.  Having a short
counter start at a random value and wraps around would probably be OK.

The "terminology" section could be improved by EAFMA and RUP
(expanding a few more acronyms and removing unused phrases).  MSID and
SSRC are not expanded; "encoded stream" is never used.