Reviewer: Valery Smyslov Review result: Ready Reviewer: Valery Smyslov Review result: Ready I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The draft describes an Extensible Binary Meta Language (EBML) format, that is a generalized file format for any type of data. As such the EBML itself doesn't include any mechanisms providing security services, besides marginal integrity check via crc32, that is optional and limited in use. The EBML relies on external mechanisms that would provide security services. The Security Considerations section describes various issues that the EBML implementations should take into consideration even in the presence of external cryptographic protection. The list of issues seems to be quite exhaustive for the EBML. I previously reviewed the -09 version of the draft. Comparing with the -09 version the Security Considerations section in the -13 version is expanded a bit, making the described security issues more clear. -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call
