Last Call Review of draft-ietf-avt-rtp-mps-
review-ietf-avt-rtp-mps-secdir-lc-harkins-2009-06-16-00

Request: Review of draft-ietf-avt-rtp-mps
Requested rev.: no specific revision (document currently at 03)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2009-06-02
Requested: 2009-05-19
Draft last updated: 2009-06-16
Completed reviews: Secdir Last Call review of -?? by Dan Harkins
Assignment Reviewer: Dan Harkins
State: Completed
Review: review-ietf-avt-rtp-mps-secdir-lc-harkins-2009-06-16
Review completed: 2009-06-16

Review

  Hi,

  I have reviewed this document as part of the Security Directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
Security Area directors. Document editors and WG chairs should
treat these comments just like any other last call comments.

  This document extends the RTP payload format to transport MPEG
Surround multi-channel audio.

  By extending the RTP payload format, this document states that it
is "subject to the security considerations of the RTP specification"
itself. It also informatively cuts-and-pastes from the security
considerations of RFC 3640. I see no problem with that.

  While it's not an issue that needs addressing in this draft, it
seems to me that this draft takes advantage of a covert channel
in an ISO Standard on the coding of audio-visual objects-- "skip
unknown extension data" in a stream. RFC 3640 discusses the
possibility of crashing a system using this bug^H^H^Hfeature but
does not mention the covert channel possibilities. It would be nice
to mention that in a successor to RFC 3640 if there ever is one.

Minor issues:

  - missing reference to SDP, RFC 2327
  - please spell out "Advanced Audio Coding" before using the
    acronym AAC (assuming that's what it meant).
  - the term "High Efficiency AAC" is used after the acronym HE-AAC.
    Please reverse that.

  regards,

  Dan.