[AVTCORE] Secdir last call review of draft-ietf-avtcore-cryptex-05

Rifaat Shekh-Yusef via Datatracker <noreply@ietf.org> Fri, 01 April 2022 13:50 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Rifaat Shekh-Yusef via Datatracker <noreply@ietf.org>
To: <secdir@ietf.org>
Cc: avt@ietf.org, draft-ietf-avtcore-cryptex.all@ietf.org, last-call@ietf.org
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <164882104986.17214.4620967098716441367@ietfa.amsl.com>
Reply-To: Rifaat Shekh-Yusef <rifaat.s.ietf@gmail.com>
Date: Fri, 01 Apr 2022 06:50:49 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/knHKsg84tpHh1yP6TV1d0E3L4DE>
Subject: [AVTCORE] Secdir last call review of draft-ietf-avtcore-cryptex-05

Reviewer: Rifaat Shekh-Yusef
Review result: Has Issues

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is Ready with One Issue

Section 5.2, First paragraph, last sentence:
"The implementation MAY stop and report an error if it
   considers use of this specification mandatory for the RTP stream."

If the implementation considers this to be *mandatory*, why is the above
statement state "MAY stop and report an error"? It seems to me that in this
case, at least a SHOULD is warranted here. Am I missing something?

Regards,
 Rifaat

[AVTCORE] Secdir last call review of draft-ietf-a… Rifaat Shekh-Yusef via Datatracker