Last Call Review of draft-ietf-payload-tsvcis-03
review-ietf-payload-tsvcis-03-secdir-lc-meadows-2019-10-10-00
Request | Review of | draft-ietf-payload-tsvcis |
---|---|---|
Requested revision | No specific revision (document currently at 05) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2019-09-25 | |
Requested | 2019-09-11 | |
Authors | Victor Demjanenko , John Punaro , David Satterlee | |
I-D last updated | 2019-10-10 | |
Completed reviews |
Secdir Last Call review of -03
by Catherine Meadows
(diff)
Genart Last Call review of -01 by Francis Dupont (diff) |
|
Assignment | Reviewer | Catherine Meadows |
State | Completed | |
Request | Last Call review on draft-ietf-payload-tsvcis by Security Area Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/secdir/Ght99XgkKPESZ8f4KOxhM7oX-g8 | |
Reviewed revision | 03 (document currently at 05) | |
Result | Has nits | |
Completed | 2019-10-10 |
review-ietf-payload-tsvcis-03-secdir-lc-meadows-2019-10-10-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes a payload format for the Tactical Secure Voice Cryptographic Interoperability Specification (TSVCIS) speech coder data when it is sent over RTP. The security considerations section is very thorough. The authors point out the appropriate RTP RFC’s for relevant security considerations, and also discuss the likelihood of the TSVCIS data being used to launch a denial of service attack. There are two places where I think things should be further clarified. I believe these count more as nits than issues. 1. This RTP payload format and the TSVCIS decoder do not exhibit any significant non-uniformity in the receiver-side computational complexity for packet processing How do you conclude that they do not have any significant non-uniformity? I would recommend either providing a reference or some other evidence, or qualify it somehow, e.g. “To the best of our knowledge, …” or “in our experience ..” 2. The relevance of the last sentence, about VAD and its effect on bitrates, is not clear. I would recommend adding a sentence explaining that. You should also spell out VAD as well as give the acronym.