Last Call Review of draft-ietf-xrblock-rtcp-xr-decodability-09
review-ietf-xrblock-rtcp-xr-decodability-09-secdir-lc-meadows-2013-03-21-00

I have reviewed this document as part of the security directorate's

ongoing effort to review all IETF documents being processed by the

IESG.  These comments were written primarily for the benefit of the

security area directors.  Document editors and WG chairs should treat

these comments just like any other last call comments.

This ID concerns a new RTP  Control Protocol Extended Report Block that reports
decodability

statistics metrics for RTP applications using MPEG2 TS over RTP.   These are
parameters necessary or helpful to

ensure that TS transmissions can be decoded.  This includes information

such as transport stream synchronization losses, sync byte errors, and
continuity count errors,  and others,  apply to all MPEG2 applications.

The ID gives the format for each of the parameters in the Report Block.

The authors of the document point out in the Security Considerations section
that the ID introduces no new security considerations

beyond those  described in RFC 3611.  RFC 3611 describes RTP Extended Reports
Blocks in general.  The security considerations discussed

are that the information  in the Report Blocks, which are generally
unencrypted, could reveal confidential information, and that an attacker

could possibly take advantage of the size of the Extended Report Blocks to
launch a denial of service attack.  I agree that the Report Blocks described

in this ID to not introduce any security considerations beyond that, and thus
do not believe that this ID needs any further  examination from

a security point of view.

Cathy



Catherine Meadows

Naval Research Laboratory

Code 5543

4555 Overlook Ave., S.W.

Washington DC, 20375

phone: 202-767-3490

fax: 202-404-7942

email:

catherine.meadows at nrl.navy.mil