[secdir] secdir review of draft-ietf-avt-rtp-ipmr-12.txt
Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Fri, 05 March 2010 13:56 UTC
Date: Fri, 05 Mar 2010 14:55:54 +0100
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: info@spiritdsp.com
Message-ID: <20100305135554.GA20432@elstar.local>
Mail-Followup-To: info@spiritdsp.com, iesg@ietf.org, secdir@ietf.org
Cc: iesg@ietf.org, secdir@ietf.org
Subject: [secdir] secdir review of draft-ietf-avt-rtp-ipmr-12.txt

Hi.

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The document defines how SPIRIT IP-MR encoded speech signals can be transported over RTP. The security considerations seem to be adequate. However, I am concerned about the C code in the appendix extracting frame information. The code does not seem to do proper bound checking, which I think is a problem that needs to be fixed. I understand that the frame size is an out parameter - still the size of the buffer passed via pCoded should be available so that proper bound checking can be performed.

Other than that, I noticed a number of editorial issues, mostly due to missing articles etc. I am attaching a unified context diff correcting some of the issues (but note that I stopped making changes at the end of section 3 - so there is likely more to fix).

/js

--
Juergen Schoenwaelder
Jacobs University Bremen gGmbH
Campus Ring 1, 28759 Bremen, Germany
Phone: +49 421 200 3587
Fax: +49 421 200 3103
<http://www.jacobs-university.de/>
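
The bound check asked for in the review above, as an added example; it is neither the draft's appendix code nor the reviewer's. The byte layout, the function name `frame_info_checked` and the `codedLen` parameter are assumptions made for illustration; only `pCoded` and the frame-size out parameter come from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_LAYERS 4
enum { FI_OK = 0, FI_TRUNCATED = -1, FI_MALFORMED = -2 };

/* Constructed layout for illustration only (NOT the IP-MR payload format):
 *   byte 0     : number of layers N, 1..MAX_LAYERS
 *   bytes 1..N : size in bytes of each layer
 *   then       : the N layer payloads, back to back
 * codedLen is the number of valid bytes at pCoded; the frame size is only
 * written to the out parameter after every read has been checked against it. */
int frame_info_checked(const uint8_t *pCoded, size_t codedLen, size_t *pFrameSize)
{
    size_t n, i, total;

    if (pCoded == NULL || pFrameSize == NULL)
        return FI_MALFORMED;
    *pFrameSize = 0;
    if (codedLen < 1)                 /* cannot even read the layer count */
        return FI_TRUNCATED;
    n = pCoded[0];
    if (n == 0 || n > MAX_LAYERS)     /* count outside the constructed layout's range */
        return FI_MALFORMED;
    if (codedLen - 1 < n)             /* size table must lie inside the buffer */
        return FI_TRUNCATED;
    total = 1 + n;                    /* header byte + size table */
    for (i = 0; i < n; i++)
        total += pCoded[1 + i];       /* at most 1 + 4 + 4*255, cannot overflow */
    if (total > codedLen)             /* payload claimed but not present */
        return FI_TRUNCATED;
    *pFrameSize = total;
    return FI_OK;
}

int main(void)
{
    /* Constructed samples: a complete 2-layer frame, and one whose size table
     * claims more payload than the buffer holds. */
    const uint8_t good[]  = { 2, 3, 1, 0xAA, 0xBB, 0xCC, 0xDD };
    const uint8_t lying[] = { 2, 3, 200, 0xAA, 0xBB, 0xCC };
    size_t sz;
    int rc = frame_info_checked(good, sizeof good, &sz);
    printf("good:  rc=%d size=%zu\n", rc, sz);
    rc = frame_info_checked(lying, sizeof lying, &sz);
    printf("lying: rc=%d size=%zu\n", rc, sz);
    return 0;
}
```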