[rtcweb] Mirja Kühlewind's No Objection on draft-ietf-rtcweb-security-arch-18: (with COMMENT)
Mirja Kühlewind <ietf@kuehlewind.net> Thu, 28 February 2019 18:00 UTC
Return-Path: <ietf@kuehlewind.net>
X-Original-To: rtcweb@ietf.org
Delivered-To: rtcweb@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0575B130F8E; Thu, 28 Feb 2019 10:00:16 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Mirja Kühlewind <ietf@kuehlewind.net>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-rtcweb-security-arch@ietf.org, Sean Turner <sean@sn3rd.com>, rtcweb-chairs@ietf.org, sean@sn3rd.com, rtcweb@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.92.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <155137681601.28667.4721382539333995604.idtracker@ietfa.amsl.com>
Date: Thu, 28 Feb 2019 10:00:16 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/zJiI4s92FhPrcIdU4xXcyR6lAJM>
Subject: [rtcweb] Mirja Kühlewind's No Objection on draft-ietf-rtcweb-security-arch-18: (with COMMENT)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Feb 2019 18:00:24 -0000
Mirja Kühlewind has entered the following ballot position for draft-ietf-rtcweb-security-arch-18: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-rtcweb-security-arch/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- 1) This is related to my discuss on draft-ietf-rtcweb-security. I think I don't fully understand the split between those two documents, as section 4.2 seems to introduce a normative reference to draft-ietf-rtcweb-security: "As described in ([I-D.ietf-rtcweb-security]; Section 4.2) media consent verification is provided via ICE. " However, given that section 6.3 actually normatively (re-)states the ICE requirements as well, I would maybe recommend to instead say: "As described in ([I-D.ietf-rtcweb-security]; Section 4.2) and stated in section 6.3 media consent verification is provided via ICE. " and then move the reference to draft-ietf-rtcweb-security to informative. 2) I would have also expected some discussion in the security considerations sections about the risks to the user if the browser gets corrupted, as indicated by the trust model presented in sec 3. 3) In Sec 9.2: "Combined WebRTC/Tor implementations SHOULD arrange to route the media as well as the signaling through Tor. Currently this will produce very suboptimal performance." Maybe make these sentences a bit more general, e.g. "Combined WebRTC/anonymity service implementations SHOULD arrange to route the media as well as the signaling through the anonymity network. Currently with e.g. Tor this will produce very suboptimal performance.
- [rtcweb] Mirja Kühlewind's No Objection on draft-… Mirja Kühlewind