Last Call Review of draft-ietf-payload-rtp-ancillary-06
review-ietf-payload-rtp-ancillary-06-secdir-lc-emery-2016-11-10-00

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft specifies a Real-time Transport Protocol (RTP) payload format
for ancillary data; including time code, Closed Captioning, and Active
Format Description (AFD).

The security considerations section does exist and refers to the base
protocol specification of RTP and any profile utilized for consideration.
The section continues that RTP does not require a single media solution,
referencing RFC 7202, and references RFC 7201 for various mechanisms to
secure RTP.  I agree with this assertion.  The section goes on to discuss
the specific payload data and how to mitigate against attack by first
sanity checking said data.  I'm OK with this assertion, except for the
integrity check using Checksum_Word.  The nine bit checksum based on
summing the nine least significant bits of four out of dozens of possible
data fields doesn't seem to provide sufficient coverage for this check.

General comments:

None.

Editorial comments:

Abstract: Does RTP and SMPTE need to be expanded first?
Abstract: Is SMPTE ST 291-1 a normative reference?
s/an SDI/a SDI/

Shawn.
--