[secdir] Secdir review of draft-ietf-avtcore-rtp-circuit-breakers-13

Magnus Nyström <magnusn@gmail.com> Tue, 08 March 2016 06:14 UTC

From: Magnus Nyström <magnusn@gmail.com>
To: "secdir@ietf.org" <secdir@ietf.org>, draft-ietf-avtcore-rtp-circuit-breakers@tools.ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/wwRij0S5JJUHLNELHWMS6LDUPkg>

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

This memo describes a set of RTP "circuit-breakers."  In this context,
circuit-breakers are conditions under which an RTP sender "needs to
stop transmitting media data in order to protect the network from
excessive congestion." As such, DoS and similar disruptions are
possible in this context. However, the security considerations
section seems adequate and refers to the core RTP, RTCP
documents for threat models and mitigations.

-- Magnus