[secdir] secdir review of draft-stone-mgcp-vbd-07

"Carl Wallace" <CWallace@cygnacom.com> Wed, 23 June 2010 15:02 UTC

Return-Path: <CWallace@cygnacom.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5EAE73A6940; Wed, 23 Jun 2010 08:02:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.926
X-Spam-Level:
X-Spam-Status: No, score=-4.926 tagged_above=-999 required=5 tests=[AWL=-0.186, BAYES_20=-0.74, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pufbt+jrFKv5; Wed, 23 Jun 2010 08:02:47 -0700 (PDT)
Received: from mail152.messagelabs.com (mail152.messagelabs.com [216.82.253.19]) by core3.amsl.com (Postfix) with SMTP id 3CDFC3A6883; Wed, 23 Jun 2010 08:02:47 -0700 (PDT)
X-VirusChecked: Checked
X-Env-Sender: CWallace@cygnacom.com
X-Msg-Ref: server-13.tower-152.messagelabs.com!1277305373!14441976!1
X-StarScan-Version: 6.2.4; banners=-,-,-
X-Originating-IP: [65.242.48.19]
Received: (qmail 12438 invoked from network); 23 Jun 2010 15:02:54 -0000
Received: from unknown (HELO scygexch1.cygnacom.com) (65.242.48.19) by server-13.tower-152.messagelabs.com with SMTP; 23 Jun 2010 15:02:54 -0000
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Wed, 23 Jun 2010 11:02:54 -0400
Message-ID: <FAD1CF17F2A45B43ADE04E140BA83D4801008455@scygexch1.cygnacom.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: secdir review of draft-stone-mgcp-vbd-07
Thread-Index: AcsS5SiAzRrqHLOYRH+RyifUiUWN1g==
From: "Carl Wallace" <CWallace@cygnacom.com>
To: <secdir@ietf.org>
Cc: s.sharma@cablelabs.com, rkumar@cisco.com, joestone@cisco.com, iesg@ietf.org
Subject: [secdir] secdir review of draft-stone-mgcp-vbd-07
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Jun 2010 15:02:48 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This document defines new MGCP packages.  This document is pretty far
outside my sandbox, but I did have a couple of questions and comments.

- Why is this an Informational document instead of Standards track?  It
seems to be defining new packages that are not already defined
elsewhere.
- I struggled with the presentation a bit and found myself reading
references to understand some of the shorthand in this document.  For
example, in section 3.1 the column headers are not described in this
draft. 
- The security considerations section is brief and primarily references
RFC 3435, which essentially has two security considerations: use IPSec
and use SDP encryption keys.  The latter is not recommended in the
current SDP draft.  This section should directly state the security
considerations it wants to assert.