[secdir] sec-dir review of draft-ietf-siprec-callflows-07

Derek Atkins <derek@ihtfp.com> Wed, 23 November 2016 01:58 UTC

From: Derek Atkins <derek@ihtfp.com>
To: iesg@ietf.org, secdir@ietf.org
Date: Tue, 22 Nov 2016 20:58:00 -0500
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/9fUslv38wGIAdOowP4z-AKHzwic>
Cc: rmohanr@cisco.com, siprec-chairs@ietf.org, pkyzivat@alum.mit.edu, partha@parthasarathi.co.in
Subject: [secdir] sec-dir review of draft-ietf-siprec-callflows-07

Hi,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written with the intent of improving
security requirements and considerations in IETF drafts.  Comments
not addressed in last call may be included in AD reviews during the
IESG review.  Document editors and WG chairs should treat these
comments just like any other last call comments.

Summary:

Almost ready to publish.

Are there any implementation issues that should be added to the
Security Considerations?  What about privacy and/or data protection
(media encryption) issues/recommendations?

Details:

* I did not audit the SDP or XML for correctness.

* There is a typo in section 3.2.2:

                One of the participants
   Bob puts Alice hold and then resumes as part of the same CS.  The

  I believe this should be "Bob puts Alice *on* hold"?

* In section 3.3, the first paragraph starts with "The section
  describes...", should that be "This section"?

* In section 3.3.3, "Below is a snapshot sent from SRC to SRC in this
  case".  Is this a typo?  Or did you really mean to use SRC twice or
  should the second be SRS?

-derek

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant