Early Review of draft-ietf-speechsc-mrcpv2-
review-ietf-speechsc-mrcpv2-secdir-early-meadows-2010-07-11-00

Request
Review of: draft-ietf-speechsc-mrcpv2
Requested revision: No specific revision (document currently at 28)
Type: Early Review
Team: Security Area Directorate (secdir)
Deadline: 2011-11-29
Requested: 2008-01-10
Authors: Daniel C. Burnett, Saravanan Shanmugham
I-D last updated: 2010-07-11
Completed reviews:
   Genart Last Call review of -?? by Miguel Angel García
   Genart Telechat review of -?? by Miguel Angel García
   Secdir Early review of -?? by Catherine Meadows

Assignment
Reviewer: Catherine Meadows
State: Completed
Request: Early review on draft-ietf-speechsc-mrcpv2 by Security Area Directorate Assigned
Completed: 2010-07-11

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

This draft describes the Media Resource Control Protocol Version 2 (MRCPv2)
which allows client hosts to control media service resources residing in
servers on a network. MRCPv2 makes use of the Session Initiation Protocol (SIP)
to initiate and manage sessions and the Session Description Protocol (SDP) to
manage and exchange capabilities.  Both clients and servers rely on TLS for
security.

Most of the security requirements for this protocol are similar to requirements
for any protocol that manages control data, some of which must be sensitive. 
These are outlined in the Security Considerations section.  MRCPv2 also
supports the use of voice identification to support a limited form of
limitation: the identification of which member of a group a principal belongs
to after the fact that the principal belongs to the group has been ascertained
by other means.  This is known as Speaker Verification and Identification.

I found the initial discussion of Speaker Verification and Identification in
Section 11 a little confusing, and there is one sentence in particular that
could be made more clear:

The fourth paragraph in that section begins:

   Speaker identification is the process of associating an unknown
   speaker with a member in a population.  It does not employ a claim of
   identity.

But the paragraph immediately before that starts:

   In speaker verification, a recorded utterance is compared to a
   previously stored voiceprint which is in turn associated with a
   claimed identity for that user.

That sounds like it *does* employ a claim of identity.

The fourth paragraph goes on to say that speaker ID should
be used when you already have verified that the speaker is a member
of a group (e.g. by cryptographic means), and you want to verify which
member of the group s/he is.  This suggests that

   It does not employ a claim of
   identity.

really means that

   It does not provide a proof of identity by itself.

If that is the case, it should say that.

I also note that the speaker verification is restricted to identifying the
identity of someone who is already verified to be a member of a group.  This
suggests that attempting to use it without this prior verification is unsafe. 
A quick scan through RFC 4313 didn't turn up any references to this issue.  If
it is unsafe, then the ID should say so, and if there is a related requirement
in RFC 4313 that should be referenced.  Also, I would recommend saying that
speaker verification MUST NOT be implemented without prior verification as a
member of a group.

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows at nrl.navy.mil