[secdir] FW: secdir review of draft-ietf-avtext-multiple-clock-rates-10
"ietfdbh" <ietfdbh@comcast.net> Thu, 17 October 2013 18:50 UTC
From: ietfdbh <ietfdbh@comcast.net>
To: secdir@ietf.org, iesg@ietf.org, draft-ietf-avtext-multiple-clock-rates.all@tools.ietf.org
Date: Thu, 17 Oct 2013 14:50:07 -0400

Hi,

Whoops. I forgot to copy this beyond the draft-ietf-avtext-multiple-clock-rates@ expansion.

David Harrington
ietfdbh@comcast.net
+1-603-828-1401

> -----Original Message-----
> From: ietfdbh [mailto:ietfdbh@comcast.net]
> Sent: Wednesday, October 16, 2013 1:11 PM
> To: 'draft-ietf-avtext-multiple-clock-rates@tools.ietf.org'
> Subject: secdir review of draft-ietf-avtext-multiple-clock-rates-10
>
> Hi,
>
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG. These
> comments were written primarily for the benefit of the security area
> directors. Document editors and WG chairs should treat these comments just
> like any other last call comments.
>
> This document clarifies the RTP specification when different clock
> rates are used in an RTP session. It also provides guidance on how
> to interoperate with legacy RTP implementations that use multiple
> clock rates. It updates RFC 3550.
>
> The security considerations section says "This document is not believed to
> effect the security of the RTP sessions described here in any way."
>
> I have a concern.
>
> RFC3550 section 9.1 describes an encryption approach, and discusses the
> weakness of the encryption method because of poor randomness of
> timestamp offsets, and the potential for manipulation of the SSRC.
>
> Section 4 of the current document changes how SSRCs should be (must be)
> manipulated for different scenarios, and recommends, but does not require,
> different SSRCs for each clock rate. It also modifies how timestamps are
> calculated.
>
> Since timestamps and SSRC manipulation are weaknesses of the encryption
> approach in RFC 3550, section 9.1, I would expect more discussion of the
> potential impact, or non-impact, of these changes to SSRCs and timestamps
> vis-à-vis the encryption strength.
>
> David Harrington
> ietfdbh@comcast.net
> +1-603-828-1401