[apps-discuss] apps-team review of draft-ietf-fecframe-sdp-elements
Dave Cridland <dave@cridland.net> Tue, 07 September 2010 19:33 UTC
Return-Path: <dave@cridland.net>
X-Original-To: apps-discuss@core3.amsl.com
Delivered-To: apps-discuss@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D28243A6876; Tue, 7 Sep 2010 12:33:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.543
X-Spam-Level:
X-Spam-Status: No, score=-1.543 tagged_above=-999 required=5 tests=[AWL=-0.803, BAYES_20=-0.74]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uznpdiXPKvXK; Tue, 7 Sep 2010 12:33:18 -0700 (PDT)
Received: from peirce.dave.cridland.net (peirce.dave.cridland.net [217.155.137.61]) by core3.amsl.com (Postfix) with ESMTP id A92093A6980; Tue, 7 Sep 2010 12:33:11 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by peirce.dave.cridland.net (Postfix) with ESMTP id 0E1F811680C1; Tue, 7 Sep 2010 20:33:37 +0100 (BST)
X-Virus-Scanned: Debian amavisd-new at peirce.dave.cridland.net
Received: from peirce.dave.cridland.net ([127.0.0.1]) by localhost (peirce.dave.cridland.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 12nD8AaQ3yXx; Tue, 7 Sep 2010 20:33:34 +0100 (BST)
Received: from puncture (unknown [217.155.137.60]) by peirce.dave.cridland.net (Postfix) with ESMTPA id F13EE11680BD; Tue, 7 Sep 2010 20:33:33 +0100 (BST)
MIME-Version: 1.0
Message-Id: <11907.1283888013.974202@puncture>
Date: Tue, 07 Sep 2010 20:33:33 +0100
From: Dave Cridland <dave@cridland.net>
To: General discussion of application-layer protocols <apps-discuss@ietf.org>, The IESG <iesg@ietf.org>, abegen@cisco.com
Content-Type: text/plain; delsp="yes"; charset="iso-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
Subject: [apps-discuss] apps-team review of draft-ietf-fecframe-sdp-elements
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Sep 2010 19:33:20 -0000
Hiya folks, I have been selected as the Applications Area Review Team reviewer for this draft (for background on apps-review, please see http://www.apps.ietf.org/content/applications-area-review-team). Please resolve these comments along with any other Last Call comments you may receive. Please wait for direction from your document shepherd or AD before posting a new version of the draft. Document: draft-ietf-fecframe-sdp-elements Reviewer: Dave Cridland Review Date: 2010-09-07 Summary: This draft has minor editorial issues, and one potential issue. The document could be published as an RFC with the existing encoding of repair-window, but some thought should be given to it. Major Issues: None Minor Issues: Section 4.6 describes an SDP attribute "repair-window", which seems to have a possibly over-complicated representation. It has two different units, one of which is the default. This yields three different ways of expressing the same intent: 150 150ms 150000us It's unclear to me what benefit this brings, and the downside could be that implementations only handle a subset of the possibilities, resulting in a failure to interoperate. I would advise serious consideration of restricting this to one unit. If microsecond resolutions are required, then obviously this would be µs, resulting in the above being written only as: 150000 This is unfortunately not a current option, and if there are existing deployments, this may yield further problems. Nits: The term "bytes" is sometimes used where I suspect "octets" would be more precise. Security: I briefly cast my eye over the Security Considerations section - please don't grant these comments the same weight as a security review. There is advice that "It is RECOMMENDED [to] follow the security considerations of SDP". I would have thought that following those recommendations would be a requirement. I'm quite taken with using both RECOMMENDED and SHOULD in the same sentence, mind, but I think this could be phrased better. It's also not clear what effect the SDP modification would actually have - whether this is a denial of service or if it yields some other attack. (My suspicion is that if an attacker is in a position to perform this attack, then the attacker can subvert the media streams entirely and do something much more interesting). Dave. -- Dave Cridland - mailto:dave@cridland.net - xmpp:dwd@dave.cridland.net - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/ - http://dave.cridland.net/ Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
- [apps-discuss] apps-team review of draft-ietf-fec… Dave Cridland
- Re: [apps-discuss] apps-team review of draft-ietf… Ali C. Begen (abegen)