[rtcweb] Alissa Cooper's Yes on draft-ietf-rtcweb-security-11: (with COMMENT)
Alissa Cooper <alissa@cooperw.in> Mon, 04 March 2019 21:43 UTC
Return-Path: <alissa@cooperw.in>
X-Original-To: rtcweb@ietf.org
Delivered-To: rtcweb@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id EBAF21310D6; Mon, 4 Mar 2019 13:43:19 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Alissa Cooper <alissa@cooperw.in>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-rtcweb-security@ietf.org, Sean Turner <sean@sn3rd.com>, rtcweb-chairs@ietf.org, sean@sn3rd.com, rtcweb@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.92.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <155173579996.5114.17917347453427376685.idtracker@ietfa.amsl.com>
Date: Mon, 04 Mar 2019 13:43:19 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/s9p3vqbvtTCE2xpr4jk8a6-q9-4>
Subject: [rtcweb] Alissa Cooper's Yes on draft-ietf-rtcweb-security-11: (with COMMENT)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2019 21:43:20 -0000
Alissa Cooper has entered the following ballot position for draft-ietf-rtcweb-security-11: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-rtcweb-security/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- PS seems like the appropriate status for this document given its role in the WebRTC document suite. = Section 4.1.4 = "The attacker forges the response apparently http://calling-service.example.com/ to inject JS to initiate a call to himself." --> This doesn't read correctly. = Section 4.2.4 = It seems like this section should reference draft-ietf-rtcweb-ip-handling.
- [rtcweb] Alissa Cooper's Yes on draft-ietf-rtcweb… Alissa Cooper
- Re: [rtcweb] Alissa Cooper's Yes on draft-ietf-rt… Sean Turner