Re: [secdir] [payload] sec-dir review of draft-ietf-payload-rtp-opus-08

"Ben Campbell" <ben@nostrum.com> Thu, 09 April 2015 13:55 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 646D51A1AE3; Thu, 9 Apr 2015 06:55:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pCqJlBjuqe66; Thu, 9 Apr 2015 06:55:34 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6737D1A1ADB; Thu, 9 Apr 2015 06:55:33 -0700 (PDT)
Received: from [10.0.1.23] (cpe-70-119-203-4.tx.res.rr.com [70.119.203.4]) (authenticated bits=0) by nostrum.com (8.15.1/8.14.9) with ESMTPSA id t39DtGpr089659 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 9 Apr 2015 08:55:26 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-70-119-203-4.tx.res.rr.com [70.119.203.4] claimed to be [10.0.1.23]
From: "Ben Campbell" <ben@nostrum.com>
To: "Derek Atkins" <derek@ihtfp.com>
Date: Thu, 09 Apr 2015 08:55:15 -0500
Message-ID: <A60DCBAA-D124-498E-9C8C-55370B28C87C@nostrum.com>
In-Reply-To: <sjm4moph1fe.fsf@securerf.ihtfp.org>
References: <sjmoaosz53h.fsf@securerf.ihtfp.org> <916F29B3-E392-481B-A269-FBA58DFEF14D@nostrum.com> <551C612B.4030702@mozilla.com> <C3DD8EE5-B066-4C06-99F4-B9147A128811@nostrum.com> <C17AE3D5-F62D-42A3-9F1F-885BF1B984EB@nostrum.com> <551EFB9C.4040504@xiph.org> <sjmy4m5grwp.fsf@securerf.ihtfp.org> <269A06E2-6704-4E5E-BBFD-92F157639261@nostrum.com> <5522D40E.8040402@nostrum.com> <73626E80-1EBA-4A85-83DD-32423649DBD1@csperkins.org> <035501d0711a$7856b0a0$690411e0$@gmail.com> <5523C5AE.7040108@mozilla.com> <sjmpp7ggft8.fsf@securerf.ihtfp.org> <CAHbuEH63BtaENfm6-_itp1eLtSCyC8LRvGbGPbKVAR-k6GQdZA@mail.gmail.com> <927CC992-13D7-41B9-A9AF-7F4E31905DF2@csperkins.org> <sjmd23ehf4o.fsf@securerf.ihtfp.org> <402C1C17-65A1-4461-9CA8-D7035022DEFE@csperkins.org> <759691e866a2fc8c41aa43acc18cbd19.squirrel@mail2.ihtfp.org> <B9A87595-5AAF-47CA-B898-8C8601D3B8C1@nostrum.com> <5525863D.2050006@cs.tcd.ie> <8F0ACB34-EE96-4348-AC20-EB6727A1EDA7@gmail.com> <sjm4moph1fe.fsf@securerf.ihtfp.org>
MIME-Version: 1.0
Content-Type: text/plain; format=flowed
X-Mailer: MailMate (1.9.1r5084)
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/nGS_v3HDCgQFTbRqKRMHSeVS2rM>
Cc: "secdir@ietf.org" <secdir@ietf.org>, "payload@ietf.org" <payload@ietf.org>, "jspittka@gmail.com" <jspittka@gmail.com>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, "iesg@ietf.org" <iesg@ietf.org>, "payload-chairs@tools.ietf.org" <payload-chairs@tools.ietf.org>, "koenvos74@gmail.com" <koenvos74@gmail.com>, Colin Perkins <csp@csperkins.org>
Subject: Re: [secdir] [payload] sec-dir review of draft-ietf-payload-rtp-opus-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Apr 2015 13:55:35 -0000

I think we have a general agreement for text that talks about how the 
choice of MTI security depends on the RTP application class. There's an 
ongoing discussion as to whether that should include something to the 
effect of "SHOULD implement appropriate protections".

I seemed to be the principle nay-sayer as of this morning, and I'm okay 
with Derek's latest suggestion, so I _think_ people are very close to an 
agreement on exact language.

On 9 Apr 2015, at 8:32, Derek Atkins wrote:

> Hi,
>
> Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> writes:
>
>> Sorry I've been tied up in meetings.  Where are we at with text
>> changes for this draft versus what's planned in another draft?  It
>> would be good to clear my discuss before tomorrow if we can.
>
> We have some proposed text (which was a sentence I added to a 
> paragraph
> that came from the guidance document), but I don't know if we've come 
> to
> consensus on that suggestion.
>
>> Thanks,
>> Kathleen
>
> -derek
>
> -- 
>      Derek Atkins                 617-623-3745
>      derek@ihtfp.com             www.ihtfp.com
>      Computer and Internet Security Consultant