Re: [secdir] [payload] sec-dir review of draft-ietf-payload-rtp-opus-08

Colin Perkins <> Mon, 06 April 2015 18:51 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 0EE771A90CA; Mon, 6 Apr 2015 11:51:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id fdMZKNhWXqe7; Mon, 6 Apr 2015 11:50:56 -0700 (PDT)
Received: from ( [IPv6:2a00:1098:0:82:1000:0:2:1]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 96A131A90C7; Mon, 6 Apr 2015 11:50:56 -0700 (PDT)
Received: from [] (port=39688 helo=[]) by with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <>) id 1YfC6i-0001si-D2; Mon, 06 Apr 2015 19:50:52 +0100
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Colin Perkins <>
In-Reply-To: <>
Date: Mon, 6 Apr 2015 19:50:23 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <> <> <> <> <> <> <> <> <> <> <>
To: Robert Sparks <>
X-Mailer: Apple Mail (2.1878.6)
X-BlackCat-Spam-Score: -28
X-Mythic-Debug: Threshold = On =
Archived-At: <>
Cc: Ben Campbell <>, "" <>,, "" <>, "" <>, "" <>, "" <>
Subject: Re: [secdir] [payload] sec-dir review of draft-ietf-payload-rtp-opus-08
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 06 Apr 2015 18:51:01 -0000

On 6 Apr 2015, at 19:44, Robert Sparks <> wrote:
> inline (particularly for Derek)
> On 4/6/15 11:13 AM, Ben Campbell wrote:
>> On 6 Apr 2015, at 11:09, Derek Atkins wrote:
>>> "Timothy B. Terriberry" <> writes:
>>>> Ben Campbell wrote:
>>>>>> So my suggestion would be something more to the effect of:
>>>>>> "Opus does not provide any built-in confidentiality or integrity
>>>>>> protection. Protection requirements vary between RTP applications.
>>>>>> See RFC 7201 and RFC 7202 for a discussion.
>>>> This seems like reasonable text to me. I agree with the rationale that
>>>> preceded it. As much as I want to see encryption everywhere, a payload
>>>> format is not the right place to mandate it.
>>> As was stated already in this thread, the expected follow up drafts for
>>> MTI security have not been written.
>>> I leave it up to the Security ADs who have the real power here, but I
>>> still prefer my original wording (including the SHOULD).
>>> I understand your reluctance because it's a codec, but it's the first
>>> codec to get through the process since the Perpass work, which basically
>>> says "everything should be encrypted."  Since you cannot go back in time
>>> to modify the existing RFCs, you can augment them going forward by other
>>> additions.
>>> As for the concern about "different security requirements for different
>>> codecs", frankly I don't buy that argument.  Either your RTP application
>>> supports security or it doesn't.  Once it does, it should be able to
>>> negotiate that along side the codec negotitation.  So I don't see the
>>> concern -- we're not mandating a specific security technology, just that
>>> you SHOULD use one.  Well, that's true regardless of the codec, isn't
>>> it?
>>> Or are you really saying "We don't care about security.  We just want to
>>> be able to use this codec in existing, insecure RTP applications without
>>> adding new securty measures"?
>> I'm saying this is the wrong layer to solve the problem.
>> We had some work planned to better specify this in general for RTP. I think the right answer is finish that work. If we do that right, it should apply regardless of codec.
> That's exactly right.
> We've had this conversation several times before. The individual payload documents are not the place to add the kind of guidance Derek is asking for. They should be about how you put things in RTP, not how applications use (and secure RTP), unless there's something unique about the payload that interacts with the general mechanics for using and securing RTP.
> Stephen will remember that we've queued up work on a document that would describe securing unicast RTP set up with SDP (capturing the outcome of the rtpsec bof at IETF68). The last I heard on the subject Dan Wing was taking the token to work on that document, but it's been awhile. That's where the effort should focus - an individual payload document is not the right place.


As Robert, and others, say, RTP payload format documents are not the right place to mandate security mechanisms. This is the point of RFC7202, which is about how strong security can best be defined for classes of RTP applications. This is not in conflict with the perpass work, since the goal of RFC7202 is to show how to provide strong security.

Colin Perkins