[rtcweb] Alissa Cooper's Yes on draft-ietf-rtcweb-security-11: (with COMMENT)

Alissa Cooper <alissa@cooperw.in> Mon, 04 March 2019 21:43 UTC

Return-Path: <alissa@cooperw.in>
X-Original-To: rtcweb@ietf.org
Delivered-To: rtcweb@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id EBAF21310D6; Mon, 4 Mar 2019 13:43:19 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Alissa Cooper <alissa@cooperw.in>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-rtcweb-security@ietf.org, Sean Turner <sean@sn3rd.com>, rtcweb-chairs@ietf.org, sean@sn3rd.com, rtcweb@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.92.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <155173579996.5114.17917347453427376685.idtracker@ietfa.amsl.com>
Date: Mon, 04 Mar 2019 13:43:19 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/s9p3vqbvtTCE2xpr4jk8a6-q9-4>
Subject: [rtcweb] Alissa Cooper's Yes on draft-ietf-rtcweb-security-11: (with COMMENT)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2019 21:43:20 -0000

Alissa Cooper has entered the following ballot position for
draft-ietf-rtcweb-security-11: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-rtcweb-security/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

PS seems like the appropriate status for this document given its role in the
WebRTC document suite.

= Section 4.1.4 =

"The attacker forges the response apparently
http://calling-service.example.com/ to inject JS to initiate a call to
himself." --> This doesn't read correctly.

= Section 4.2.4 =

It seems like this section should reference draft-ietf-rtcweb-ip-handling.