[secdir] review of draft-ietf-mmusic-sdp-capability-negotiation-10.txt
Stephen Kent <kent@bbn.com> Mon, 25 May 2009 17:50 UTC
Date: Mon, 25 May 2009 13:52:08 -0400
To: secdir@core3.amsl.com
From: Stephen Kent <kent@bbn.com>
Cc: fluffy@cisco.com, tim.polk@nist.gov, fandreas@cisco.com
Subject: [secdir] review of draft-ietf-mmusic-sdp-capability-negotiation-10.txt
I have reviewed this I-D as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

I performed this re-review by examining a diff between versions 9 and 10 of the I-D, and by reviewing my comments on version 9. I thank the author for having made a number of changes based on my review comments. He paid closer attention to where the word "only" is placed in sentences. I note that some newly added text repeats the previous placement errors re this word. He also fixed the IPsec misspelling. There are still a few typos in this version, but I expect the RFC Editor will fix them.

The author added text to include a DTLS-SRTP example, in addition to the MIKEY examples. (I'm not sure that it's appropriate to retain the MIKEY examples at all here, but I defer to the RAI AD's judgment on this matter.) The author revised the discussion of RFC 4474 to indicate that it is still PKI-based, but that the required PKI is less extensive (and thus potentially more viable) than a PKI that must encompass all end users. He also corrected the discussion to note the residual MITM attack potential if TLS or IPsec are used for hop-by-hop protection.

The author also revised the advice to implementors re DoS attacks, making the advice a "must" vs. "MUST." The reference to section 3.10 in the security considerations discussion of DoS is still wrong; the reference should be to 3.11.