Last Call Review of draft-ietf-avtcore-srtp-vbr-audio-
review-ietf-avtcore-srtp-vbr-audio-secdir-lc-johansson-2011-10-28-00
Request | Review of | draft-ietf-avtcore-srtp-vbr-audio |
---|---|---|
Requested revision | No specific revision (document currently at 04) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2011-11-01 | |
Requested | 2011-10-14 | |
Authors | Colin Perkins , Jean-Marc Valin | |
I-D last updated | 2011-10-28 | |
Completed reviews |
Genart Telechat review of -??
by Ben Campbell
Genart Last Call review of -?? by Ben Campbell Secdir Last Call review of -?? by Leif Johansson |
|
Assignment | Reviewer | Leif Johansson |
State | Completed | |
Request | Last Call review on draft-ietf-avtcore-srtp-vbr-audio by Security Area Directorate Assigned | |
Completed | 2011-10-28 |
review-ietf-avtcore-srtp-vbr-audio-secdir-lc-johansson-2011-10-28-00
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This BCP-track document talks about potential information-leakage resulting from the use of variable bit rate audio codecs with secure RTP. The document is well written and clearly explains the situations where information-leakage can occur. The most realistic scenario presented is eavesdropping on an RTP audio stream where one endpoint is an IVR or other automated voice systems that use pre-recorded messages. The only think I missed was a discussion (perhaps in the security section) about the risk of negotiating parameters (eg VAD) which could lead to increased risk of information-leakage, however this is perhaps a minor issue. Leif -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6cvZcACgkQ8Jx8FtbMZnfdrQCeInYzkao2scRc5I2WWAbb7mvt dlIAn2iH6v1atyye5ky4xiJGNU4AVq2K =O/yj -----END PGP SIGNATURE-----