Re: [secdir] review of draft-ietf-mmusic-connectivity-precon-06
Stephen Kent <kent@bbn.com> Wed, 28 October 2009 13:41 UTC
Return-Path: <kent@bbn.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 16DE23A698B for <secdir@core3.amsl.com>; Wed, 28 Oct 2009 06:41:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.395
X-Spam-Level:
X-Spam-Status: No, score=-2.395 tagged_above=-999 required=5 tests=[AWL=0.203, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gfi-k6Bhg28E for <secdir@core3.amsl.com>; Wed, 28 Oct 2009 06:41:38 -0700 (PDT)
Received: from mx3.bbn.com (mx3.bbn.com [128.33.1.81]) by core3.amsl.com (Postfix) with ESMTP id 89CC63A69E7 for <secdir@ietf.org>; Wed, 28 Oct 2009 06:41:38 -0700 (PDT)
Received: from dommiel.bbn.com ([192.1.122.15] helo=[10.84.130.252]) by mx3.bbn.com with esmtp (Exim 4.63) (envelope-from <kent@bbn.com>) id 1N38me-0003Xv-BV; Wed, 28 Oct 2009 09:41:52 -0400
Mime-Version: 1.0
Message-Id: <p06240803c70df800a708@[192.1.255.190]>
Date: Wed, 28 Oct 2009 09:40:19 -0400
To: secdir@ietf.org
From: Stephen Kent <kent@bbn.com>
Content-Type: multipart/alternative; boundary="============_-955385184==_ma============"
Cc: fandreas@cisco.com, fluffy@cisco.com, oran@cisco.com, dwing@cisco.com, rjsparks@nostrum.com
Subject: Re: [secdir] review of draft-ietf-mmusic-connectivity-precon-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Oct 2009 13:41:40 -0000
I re-reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. In the re-review I examined only on the text that the authors said was changed in response to my comments. In my initial review I said that the text about using suitable authentication and integrity mechanisms in this context was too vague to be useful and hat it should cite specific recommendations (via RFCs). The authors have revised the relevant text and it is better. The revised text elicited a comment from Sam Hartman that SIP Identity (RFC 4474) should be cited. I agree with this suggestion, but believe that the current cite for using S/MIME with SDP [RFC 3261] also should be retained, until such time as the RAI area decides to move it to historical. I think the expanded discussion of DoS concerns is better as well, even though no explicit threat model has been provided. I did note a grammatical error: "This attack would result in a poor user's experience ..." -> "This attack would result in a poor user experience ..." Steve
- [secdir] review of draft-ietf-mmusic-connectivity… Stephen Kent
- Re: [secdir] review of draft-ietf-mmusic-connecti… Sam Hartman
- Re: [secdir] review of draft-ietf-mmusic-connecti… Stephen Kent
- Re: [secdir] review of draft-ietf-mmusic-connecti… Sam Hartman
- Re: [secdir] review of draft-ietf-mmusic-connecti… Gonzalo Camarillo
- Re: [secdir] review of draft-ietf-mmusic-connecti… Sam Hartman
- Re: [secdir] review of draft-ietf-mmusic-connecti… Dan Wing
- Re: [secdir] review of draft-ietf-mmusic-connecti… Stephen Kent
- Re: [secdir] review of draft-ietf-mmusic-connecti… Sandra Murphy
- Re: [secdir] review of draft-ietf-mmusic-connecti… Gonzalo Camarillo