Last Call Review of draft-ietf-avt-rtp-mps-
|Requested revision||No specific revision (document currently at 03)|
|Type||Last Call Review|
|Team||Security Area Directorate (secdir)|
|Authors||Stefan Doehla , Malte Schmidt , Frans de Bont , Ralph Sperschneider|
|I-D last updated||2009-06-16|
Secdir Last Call review of -??
by Dan Harkins
Hi, I have reviewed this document as part of the Security Directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the Security Area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document extends the RTP payload format to transport MPEG Surround multi-channel audio. By extending the RTP payload format, this document states that it is "subject to the security considerations of the RTP specification" itself. It also informatively cuts-and-pastes from the security considerations of RFC 3640. I see no problem with that. While it's not an issue that needs addressing in this draft, it seems to me that this draft takes advantage of a covert channel in an ISO Standard on the coding of audo-visual objects-- "skip unknown extension data" in a stream. RFC 3640 discusses the possibility of crashing a system using this bug^H^H^Hfeature but does not mention the covert channel possibilities. It would be nice to mention that in a successor to RFC 3640 if there ever is one. Minor issues: - missing reference to SDP, RFC 2327 - please spell out "Advanced Audio Coding" before using the acronym AAC (assuming that's what it meant). - the term "High Efficiency AAC" is used after the acronym HE-AAC. Please reverse that. regards, Dan.