Last Call Review of draft-ietf-xrblock-rtcp-xr-decodability-09
review-ietf-xrblock-rtcp-xr-decodability-09-secdir-lc-meadows-2013-03-21-00

Request Review of: draft-ietf-xrblock-rtcp-xr-decodability
Requested rev.: no specific revision (document currently at 12)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2013-03-15
Requested: 2013-03-07
Other Reviews: Genart Last Call review of -09 by Alexey Melnikov; Genart Telechat review of -11 by Alexey Melnikov
Review State: Completed
Reviewer: Catherine Meadows
Review: review-ietf-xrblock-rtcp-xr-decodability-09-secdir-lc-meadows-2013-03-21
Posted at: http://www.ietf.org/mail-archive/web/secdir/current/msg03846.html
Reviewed rev.: 09 (document currently at 12)
Review result: Ready
Draft last updated: 2013-03-21
Review completed: 2013-03-21

Review

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This ID concerns a new RTP Control Protocol Extended Report Block that reports decodability statistics metrics for RTP applications using MPEG2 TS over RTP. These are parameters necessary or helpful to ensure that TS transmissions can be decoded. This includes information such as transport stream synchronization losses, sync byte errors, and continuity count errors, and others, which apply to all MPEG2 applications. The ID gives the format for each of the parameters in the Report Block.

The authors of the document point out in the Security Considerations section that the ID introduces no new security considerations beyond those described in RFC 3611. RFC 3611 describes RTP Extended Reports Blocks in general. The security considerations discussed are that the information in the Report Blocks, which are generally unencrypted, could reveal confidential information, and that an attacker could possibly take advantage of the size of the Extended Report Blocks to launch a denial of service attack. I agree that the Report Blocks described in this ID do not introduce any security considerations beyond that, and thus do not believe that this ID needs any further examination from a security point of view.

Cathy

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows at nrl.navy.mil