Guidelines for the Use of Variable Bit Rate Audio with Secure RTP
RFC 6562

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: RFC Editor <rfc-editor@rfc-editor.org>,
    avtcore mailing list <avt@ietf.org>,
    avtcore chair <avtcore-chairs@tools.ietf.org>
Subject: Protocol Action: 'Guidelines for the use of Variable Bit Rate Audio with Secure RTP' to Proposed Standard (draft-ietf-avtcore-srtp-vbr-audio-04.txt)

The IESG has approved the following document:
- 'Guidelines for the use of Variable Bit Rate Audio with Secure RTP'
  (draft-ietf-avtcore-srtp-vbr-audio-04.txt) as a Proposed Standard

This document is the product of the Audio/Video Transport Core
Maintenance Working Group.

The IESG contact persons are Robert Sparks and Gonzalo Camarillo.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-avtcore-srtp-vbr-audio/


Technical Summary

  This memo discusses potential security issues that arise when using
  variable bit rate audio with the secure RTP profile. When using SRTP
  with voice streams compressed using variable bit rate (VBR) codecs, the
  length of the compressed packets will depend on the characteristics of
  the speech signal. This variation in packet size will leak a small
  amount of information about the contents of the speech signal.
  Guidelines to mitigate these issues are suggested.


Working Group Summary

  There was early on significant debate on how big a security issue this
  problem really was. But it was agreed on the need to document the issue
  and how the issue can be mitigated. Since then there has been good
  consensus on the document.

Document Quality
   This document has gotten reasonable review from people with both
   RTP and Security focus. The quality of the document is good. Additional
   input from the security area during IESG review strengthened some of
   the recommendations which were re-reviewed with a second IETF LC.

Personnel

  Robert Sparks is the responsible AD.
  Magnus Westerlund is the document shepherd.

RFC Editor Note (valid for version -04)

  Please change the Intended Status in the header to Proposed Standard