The IESG has approved the following document: - 'Guidelines for the use of Variable Bit Rate Audio with Secure RTP' (draft-ietf-avtcore-srtp-vbr-audio-04.txt) as a Proposed Standard This document is the product of the Audio/Video Transport Core Maintenance Working Group. The IESG contact persons are Robert Sparks and Gonzalo Camarillo. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-avtcore-srtp-vbr-audio/ Technical Summary This memo discusses potential security issues that arise when using variable bit rate audio with the secure RTP profile. When using SRTP with voice streams compressed using variable bit rate (VBR) codecs, the length of the compressed packets will depend on the characteristics of the speech signal. This variation in packet size will leak a small amount of information about the contents of the speech signal. Guidelines to mitigate these issues are suggested. Working Group Summary There was early on significant debate on how big a security issue this problem really was. But it was agreed on the need to document the issue and how the issue can be mitigated. Since then there has been good consensus on the document. Document Quality This document has gotten reasonable review from people with both RTP and Security focus. The quality of the document is good. Additional input from the security area during IESG review strengthened some of the recommendations which were re-reviewed with a second IETF LC. Personnel Robert Sparks is the responsible AD. Magnus Westerlund is the document shepherd. RFC Editor Note (valid for version -04) Please change the Intended Status in the header to Proposed Standard _______________________________________________ IETF-Announce mailing list IETF-Announce@ietf.org https://www.ietf.org/mailman/listinfo/ietf-announce
