Re: [secdir] secdir review of draft-ietf-mmusic-delayed-duplication
"Ali C. Begen (abegen)" <abegen@cisco.com> Wed, 18 September 2013 10:34 UTC
Return-Path: <abegen@cisco.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B10611E80F8; Wed, 18 Sep 2013 03:34:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -11.099
X-Spam-Level:
X-Spam-Status: No, score=-11.099 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rq5r1ah74afw; Wed, 18 Sep 2013 03:34:43 -0700 (PDT)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) by ietfa.amsl.com (Postfix) with ESMTP id 4636A11E80E8; Wed, 18 Sep 2013 03:34:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2972; q=dns/txt; s=iport; t=1379500483; x=1380710083; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=P0yYq5mF7icR4l48VkF1l6FEqGHfRbQFs5zUivMEknc=; b=gOxPCJ8QxUoGjGXHm3FmX4qn1pHXOHqFvpcXvSwu4JPLUHkfKZKWE7ZC 14toFqWiEklRK3dbVIgYD4P+gQH106V0aRZzgjFkk9blWIqJZcKg5cukF 0vcMIwg5EPh4gT7EYVQ5/bMmrtE8sTdI/LFcCHTj0STUlrWCYV7S7dUla M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ag8FAGmBOVKtJV2a/2dsb2JhbABZgmYhgQrBKoEYFnSCJQEBAQMBeQULAgEIIiQhESUCBA4FCIdpAwkGAbBMDYkhjHuCOQIxB4MegQADiQCNEo4qhTODJIIq
X-IronPort-AV: E=Sophos;i="4.90,929,1371081600"; d="scan'208";a="261388576"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-4.cisco.com with ESMTP; 18 Sep 2013 10:34:42 +0000
Received: from xhc-rcd-x05.cisco.com (xhc-rcd-x05.cisco.com [173.37.183.79]) by rcdn-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id r8IAYglw016588 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 18 Sep 2013 10:34:42 GMT
Received: from xmb-aln-x01.cisco.com ([fe80::747b:83e1:9755:d453]) by xhc-rcd-x05.cisco.com ([173.37.183.79]) with mapi id 14.02.0318.004; Wed, 18 Sep 2013 05:34:42 -0500
From: "Ali C. Begen (abegen)" <abegen@cisco.com>
To: Radia Perlman <radiaperlman@gmail.com>
Thread-Topic: secdir review of draft-ietf-mmusic-delayed-duplication
Thread-Index: AQHOtDdAdN54ISzMl0uphv2lSYtXn5nLoFsA
Date: Wed, 18 Sep 2013 10:34:41 +0000
Message-ID: <C15918F2FCDA0243A7C919DA7C4BE9940E692299@xmb-aln-x01.cisco.com>
References: <CAFOuuo4cZLF28nyc9=_sPBsb-CeQvcNVjq6Bj=98ShLy7Du3yw@mail.gmail.com>
In-Reply-To: <CAFOuuo4cZLF28nyc9=_sPBsb-CeQvcNVjq6Bj=98ShLy7Du3yw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.86.254.222]
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <461FF5A38E750849B960351E62C0AA5F@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "<draft-ietf-mmusic-delayed-duplication.all@tools.ietf.org>" <draft-ietf-mmusic-delayed-duplication.all@tools.ietf.org>, The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: Re: [secdir] secdir review of draft-ietf-mmusic-delayed-duplication
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Sep 2013 10:34:49 -0000
Hi Radia, On Sep 18, 2013, at 9:20 AM, Radia Perlman <radiaperlman@gmail.com> wrote: > I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. > > This document is about allowing a sender of a multicast stream to advertise that it will be sending duplicate streams offset in time, so that receivers can receive multiple copies...so that if packets are lost they will hopefully receive it from the later stream(s). > > From a security point of view, there's no reason to complain. However, I'm really dubious about what this will be used for, and whether this is the best way to solve the problem. How does one cope with loss? For instance... > a) request retransmissions of specific missing pieces, perhaps not from the original source, but from a redistribution point (e.g., zillions of scalable reliable multicast protocols that were talked about/published years ago) > b) send forward error correction so that the data can be reconstructed (e.g., Digital Fountain) > c) cope with glitches on your video when in rare cases, e.g., network topology changes, some data gets lost You are right, there are several different ways to deal with packet loss for both multicast and unicast. Retransmission, FEC, error concealment are all options. But the main use case for duplication is when there is a network outage for a period of time (i.e., bursty packet losses) like a route failure, hardware failure, etc. and all the packets transmitted during the outage will likely get lost until the route is repaired (could be 50 ms or 1 s or longer). Ret, FEC cannot deal with such outages. Concealment is not an option in most critical video apps, either. Duplication is a simple alternative. It has been deployed, it works and it is proven for this use case. > > I'm not sure multicast is used so much anyway. What are the applications today? It seems like most video is individual on-demand rather than multicast. heard IPTV? > And if there were some sort of multicast thing (like a sporting event), it seems like any combination of a), b), and c) above would be preferable to multicasting everything multiple times. We deployed all options you listed above as well as duplication. As I said, they provide resiliency in different use cases. > > A specific comment: In the security considerations section it says "the SDP description needs to be integrity protected..." Is this MUST be? SHOULD be? I dont think it deserves a 2119 keyword, there. Unless you have a strong objection, I prefer to keep it as it is. many thanks. -acbegen > > Radia
- [secdir] secdir review of draft-ietf-mmusic-delay… Radia Perlman
- Re: [secdir] secdir review of draft-ietf-mmusic-d… Ali C. Begen (abegen)