Last Call Review of draft-ietf-payload-rtp-aptx-04
review-ietf-payload-rtp-aptx-04-secdir-lc-kivinen-2013-12-12-00

Request Review of draft-ietf-payload-rtp-aptx
Requested rev. no specific revision (document currently at 05)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2013-12-06
Requested 2013-11-28
Draft last updated 2013-12-12
Completed reviews Genart Last Call review of -04 by Wassim Haddad (diff)
Secdir Last Call review of -04 by Tero Kivinen (diff)
Assignment Reviewer Tero Kivinen
State Completed
Review review-ietf-payload-rtp-aptx-04-secdir-lc-kivinen-2013-12-12
Reviewed rev. 04 (document currently at 05)
Review result Has Nits
Review completed: 2013-12-12

Review
review-ietf-payload-rtp-aptx-04-secdir-lc-kivinen-2013-12-12

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document describes how to transmit proprietary audio codec
algorithms standard apt-X and enchanced apt-X in the RTP. The document
has security considerations section which seems to be OK.

If I have understood correctly the codec is constant bit rate codec,
thus it is not vulnerable to the traffic analysis attacks described
for example in the draft-ietf-avtcore-srtp-vbr-audio document. Perhaps
the security considerations section could note that these codecs are
not vulnerable to those attacks (if that is in deed true).
-- 
kivinen at iki.fi