[secdir] Review of draft-ietf-mediactrl-mixer-control-package-10

Shawn M Emery <Shawn.Emery@Sun.COM> Mon, 15 February 2010 18:50 UTC

Return-Path: <Shawn.Emery@Sun.COM>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1C2063A7B6B; Mon, 15 Feb 2010 10:50:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.046
X-Spam-Level:
X-Spam-Status: No, score=-6.046 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E+uZNroH0KrV; Mon, 15 Feb 2010 10:50:13 -0800 (PST)
Received: from brmea-mail-1.sun.com (brmea-mail-1.Sun.COM [192.18.98.31]) by core3.amsl.com (Postfix) with ESMTP id 94C5B3A7BC2; Mon, 15 Feb 2010 10:50:12 -0800 (PST)
Received: from fe-amer-09.sun.com ([192.18.109.79]) by brmea-mail-1.sun.com (8.13.6+Sun/8.12.9) with ESMTP id o1FIphko021357; Mon, 15 Feb 2010 18:51:43 GMT
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: text/plain; CHARSET="US-ASCII"; format="flowed"
Received: from conversion-daemon.mail-amer.sun.com by mail-amer.sun.com (Sun Java(tm) System Messaging Server 7u2-7.04 64bit (built Jul 2 2009)) id <0KXW00M00C4ZF100@mail-amer.sun.com>; Mon, 15 Feb 2010 11:51:43 -0700 (MST)
Received: from [10.0.0.5] ([unknown] [174.51.225.48]) by mail-amer.sun.com (Sun Java(tm) System Messaging Server 7u2-7.04 64bit (built Jul 2 2009)) with ESMTPSA id <0KXW0015UCE7ZV10@mail-amer.sun.com>; Mon, 15 Feb 2010 11:51:43 -0700 (MST)
Date: Mon, 15 Feb 2010 11:49:48 -0700
From: Shawn M Emery <Shawn.Emery@Sun.COM>
Sender: Shawn.Emery@Sun.COM
To: secdir@ietf.org
Message-id: <4B79974C.9030900@sun.com>
User-Agent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.9.1.5) Gecko/20100117 Thunderbird/3.0
Cc: draft-ietf-mediactrl-mixer-control-package.all@tools.ietf.org, iesg@ietf.org
Subject: [secdir] Review of draft-ietf-mediactrl-mixer-control-package-10
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Feb 2010 18:50:14 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

This draft describes usage for managing mixers used in media conferences 
and connections.

The security considerations section does exist and references the XML 
media RFC, 3023, with the possible implications of using XML for command 
and display purposes.  In regards to media mixer usage this draft 
references the control framework draft, 
draft-ietf-mediactrl-sip-control-framework, for security issues 
regarding session establishment, transport protection, and control 
channel policy management.  After reading the referenced drafts I 
believe that there are no additional threats that the 
draft-ietf-mediactrl-mixer-control-package draft does not already 
account for.

General comment(s):

None.

Editorial comment(s):

Security considerations:

Section 11 of [I-D.ietf-mediactrl-sip-control-framework] is incorrectly 
referenced, should reference 12.  This occurs 3 times.

-- 
Shawn.