[secdir] secdir review of draft-ietf-avt-srtp-not-mandatory

Sam Hartman <hartmans-ietf@mit.edu> Mon, 14 June 2010 11:27 UTC

To: secdir@ietf.org, iesg@ietf.org

Hi.  I've reviewed draft-ietf-avt-srtp-not-mandatory for the security
directorate.  The security ADs should read this draft very carefully,
although I think that's obvious from the filename.  However, after doing
a careful reading of my own, I didn't find any problems.

I might wish for a stronger statement in section 5 that particular
profiles of RTP need to specify a mandatory to implement security
mechanism.  However, this is not a BCP, and I can understand why you
wouldn't put that statement in an informational document.  Also, it's a
bit tricky to get that statement right, considering for example the
implications of a profile of RTP that might of itself be a framework.