[rtcweb] Alissa Cooper's Yes on draft-ietf-rtcweb-security-11: (with COMMENT)

Alissa Cooper <alissa@cooperw.in> Mon, 04 March 2019 21:43 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Alissa Cooper <alissa@cooperw.in>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-rtcweb-security@ietf.org, Sean Turner <sean@sn3rd.com>, rtcweb-chairs@ietf.org, sean@sn3rd.com, rtcweb@ietf.org
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <155173579996.5114.17917347453427376685.idtracker@ietfa.amsl.com>
Date: Mon, 04 Mar 2019 13:43:19 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/s9p3vqbvtTCE2xpr4jk8a6-q9-4>
Subject: [rtcweb] Alissa Cooper's Yes on draft-ietf-rtcweb-security-11: (with COMMENT)

Alissa Cooper has entered the following ballot position for
draft-ietf-rtcweb-security-11: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-rtcweb-security/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

PS seems like the appropriate status for this document given its role in the
WebRTC document suite.

= Section 4.1.4 =

"The attacker forges the response apparently
http://calling-service.example.com/ to inject JS to initiate a call to
himself." --> This doesn't read correctly.

= Section 4.2.4 =

It seems like this section should reference draft-ietf-rtcweb-ip-handling.

[rtcweb] Alissa Cooper's Yes on draft-ietf-rtcweb… Alissa Cooper
Re: [rtcweb] Alissa Cooper's Yes on draft-ietf-rt… Sean Turner