[secdir] SECDIR review of draft-ietf-avt-rtp-mps-02.txt
"Dan Harkins" <dharkins@lounge.org> Mon, 08 June 2009 23:22 UTC
To: iesg@ietf.org, secdir@ietf.org, avt-chars@tools.ietf.org, fluffy@cisco.com
Cc: frans.de.bont@phillips.com, "malte.schmidt@dolby.com" <ralph.sperschneider@iis.fraunhofer.de>, stefan.doehla@iis.fraunhofer.de

  Hi,

  I have reviewed this document as part of the Security Directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the Security
Area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

  This document extends the RTP payload format to transport MPEG
Surround multi-channel audio. By extending the RTP payload format,
this document states that it is "subject to the security considerations
of the RTP specification" itself. It also informatively cuts-and-pastes
from the security considerations of RFC 3640. I see no problem with that.

  While it's not an issue that needs addressing in this draft, it
seems to me that this draft takes advantage of a covert channel in
an ISO Standard on the coding of audio-visual objects-- "skip unknown
extension data" in a stream. RFC 3640 discusses the possibility of
crashing a system using this bug^H^H^Hfeature but does not mention the
covert channel possibilities. It would be nice to mention that in a
successor to RFC 3640 if there ever is one.

  Minor issues:

  - missing reference to SDP, RFC 2327
  - please spell out "Advanced Audio Coding" before using the acronym
    AAC (assuming that's what it meant).
  - the term "High Efficiency AAC" is used after the acronym HE-AAC.
    Please reverse that.

  regards,

  Dan.