IETF Logo Mail Archive

[secdir] Secdir review of draft-ietf-avtcore-rtp-scip-02

Magnus Nyström <magnusn@gmail.com> Wed, 31 August 2022 05:04 UTC

Return-Path: <magnusn@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6419BC14CE33; Tue, 30 Aug 2022 22:04:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22JnOVQQKot3; Tue, 30 Aug 2022 22:04:13 -0700 (PDT)
Received: from mail-ej1-x630.google.com (mail-ej1-x630.google.com [IPv6:2a00:1450:4864:20::630]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA5A8C14CF15; Tue, 30 Aug 2022 22:04:13 -0700 (PDT)
Received: by mail-ej1-x630.google.com with SMTP id se27so18379314ejb.8; Tue, 30 Aug 2022 22:04:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc; bh=9Qm42JytfytCNP+Jjv49O9kAhPt0VxlqDFooA1Q88to=; b=Ud7IS+lKtAZTn+pUUomN1W13/pGTozOE+g2GMZALS5NUzKfaJ3GM4vXxZlLYZ8GxT5 uH+r8quoGoofa0QwaLV7ihculPTKJ54U3Jzk4d+Pjz0GMKiE89xyeERfUq6u/V+u1Ngi y8mW/r+0FwnrsQucTVrJsSw9g/J9VGCxN0fSUJZT76o2jTSDmyr6RGeoarleYpDOkqZt kcRk8X+CK1iE3nxf/9tJNB6AvSkdqvGH3n11veAc1tPt+OSIrAWMxugKy2tyTvUwYtIw b69R2bOFf/Auz6WfbPN0f9TUtEosSChSJbDaMgu7lZs+QgAsP6JlBfgmJWKmb+j4jSB1 CCkw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc; bh=9Qm42JytfytCNP+Jjv49O9kAhPt0VxlqDFooA1Q88to=; b=xsqs9jGQiCZtoJuN+cHvtDCsIxIkegPXAv63h2v7/3LrKIjdBzlI/9RwmoqN59j7uf r9UxJcberMym3YY3XRls8Q/y5ci1D8hHnUUJNUbG/di1ePCD0SIRxAzXvRB3WzZ4xo8f nfqJqwKlI3/2LbcMuuUHrnnoGyo/HKoQo3PSbxLyUpMhYyX7j96Z2wk4PsXDjuA/Tzck Ex9EmUzqsdYimM7CxCbV3EeX8yfLQPZMLpW/9kVX0xojhfIYXlRWk0xoUoE8AkoUPQm/ bpASrSQs4N0xjOn4kjPgOzqyck/SSFeoCqX7miAMkQ681FglqZtSbFOeFKZt3NYAE5GH hC0Q==
X-Gm-Message-State: ACgBeo1aKt3xw68JkF4QLFJQYy050ha583ZmzhUVHObJRfCONQJ6qdOT o+eVseCKbnJ66rpN0IfqgimgFmC1/ZhcutlYM4ofCV4yT9Y=
X-Google-Smtp-Source: AA6agR7b8f9E6iBCevB/sWlEjGWIGdCIwsKNAq5qfFqPSWpIGo0crkSlRZ6GKG5aOBHeSPdBNmGp4TDMQ9oXS9Bju20=
X-Received: by 2002:a17:907:162a:b0:742:7a6:a812 with SMTP id hb42-20020a170907162a00b0074207a6a812mr5195609ejc.403.1661922252157; Tue, 30 Aug 2022 22:04:12 -0700 (PDT)
MIME-Version: 1.0
References: <CADajj4ZQnWkjKdWpBgsB0oyX8_Kzj6HOL-Vkm=TrByBQMEJfPw@mail.gmail.com> <CADajj4bCTF5EeF6DZkCHpP0_GTnUYQtqa0OE3qf3Z5_AmKWfyA@mail.gmail.com> <CADajj4YxgdNXkWX7dLP0nBDWXLSKFa8M_KWWCPCgfCibYtWkAw@mail.gmail.com> <CADajj4Yw13QWbSqF_hd+P_fcNA4_YvdwqF=OgJ4pdS_1vrWphA@mail.gmail.com> <CADajj4Zw+Js8neUujMbekReVdMMFcz46NDwdHsMdWXob6Upc_w@mail.gmail.com> <CADajj4aoBaSYTFFnvAjcL7mTnfoUJOWzvve=NRhgB3qe5X8uWQ@mail.gmail.com> <CADajj4ZTBoCHo2=RJhYFNMi+5L5JJwc_EqBkeyYUUfYsVk-vVw@mail.gmail.com> <CADajj4bAjmbXjQkzJPXBihWZko2msmrHG=-4D9zF4YaFAeU0XA@mail.gmail.com> <CADajj4b3iXHJHM8cEiFMJPK3XmcpW=8Cy2ERHpfuGw_NF53S7Q@mail.gmail.com> <CADajj4Y0RN=tMYfqgYG_jbPWyhxpfFNNL6af-AhBWJsnfFKn7A@mail.gmail.com>
In-Reply-To: <CADajj4Y0RN=tMYfqgYG_jbPWyhxpfFNNL6af-AhBWJsnfFKn7A@mail.gmail.com>
From: Magnus Nyström <magnusn@gmail.com>
Date: Tue, 30 Aug 2022 22:04:00 -0700
Message-ID: <CADajj4ab_HXA+kyYE8to7ZVD3XGcNq9X2fYkysBcG4N_VRuQtQ@mail.gmail.com>
To: secdir@ietf.org, draft-ietf-avtcore-rtp-scip@ietf.org
Content-Type: multipart/alternative; boundary="0000000000007bf9cb05e7826dd6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/luh-UArKvw5ytNi1COycC2iS5PU>
Subject: [secdir] Secdir review of draft-ietf-avtcore-rtp-scip-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Aug 2022 05:04:18 -0000

> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security area
> directors.  Document editors and WG chairs should treat these comments just
> like any other comments.
>

The above mentioned draft describes the RTP payload format of the "Secure
Communication Interoperability Protocol" as audio and video media subtypes,
with corresponding media subtype definitions.

While the draft as such only provides the payload formats, it seems strange
to have an Internet-Draft fully dependent on a protocol which isn't even
referenced in the memo. SCIP is mentioned several times, but there's no
reference to the definition of the protocol. The only reference is to a
"SCIP SIgnaling Plan", but access to that document appears to require an
email-based request to a NATO email address. Should such a document become
a Standards-track RFC?

The Security Considerations section only talks about possible complexity
introduced by the new media subtypes, which may be adequate, but does not
discuss general considerations to take in the context of supporting SCIP.
To my earlier comment, if SCIP itself isn't readily available, there seems
to be a gap here.

Thanks,
-- Magnus

v2.14.0 | Report a Bug | By Email