Re: [secdir] Secdir review of draft-ietf-payload-rtp-aptx-04

Tero Kivinen <kivinen@iki.fi> Thu, 23 January 2014 16:15 UTC


John Lindsay writes:
> Firstly apologies for the delay in replying, this is the first RFC draft
> I have been involved with and I was not sure of the process.
> You are correct, the codec is a constant bit rate encoder and hence not
> vulnerable to the methods described in the
> draft-ietf-avtcore-srtp-vbr-audio document.
> 
> If it's felt necessary, a note to this effect can be added to the security
> considerations section.

Either way is good for me. 

> -----Original Message-----
> From: Tero Kivinen [mailto:kivinen@iki.fi] 
> Sent: 05 December 2013 12:47
> To: iesg@ietf.org; secdir@ietf.org;
> draft-ietf-payload-rtp-aptx.all@tools.ietf.org
> Subject: Secdir review of draft-ietf-payload-rtp-aptx-04
> 
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security
> area directors.  Document editors and WG chairs should treat these
> comments just like any other last call comments.
> 
> This document describes how to transmit proprietary audio codec
> algorithms standard apt-X and enhanced apt-X in the RTP. The document
> has security considerations section which seems to be OK.
> 
> If I have understood correctly, the codec is a constant bit rate codec,
> thus it is not vulnerable to the traffic analysis attacks described for
> example in the draft-ietf-avtcore-srtp-vbr-audio document. Perhaps the
> security considerations section could note that these codecs are not
> vulnerable to those attacks (if that is indeed true).
> --
> kivinen@iki.fi

-- 
kivinen@iki.fi