[secdir] Secdir last call review of draft-ietf-xrblock-rtcweb-rtcp-xr-metrics-08

Brian Weis <bew@cisco.com> Thu, 22 February 2018 20:03 UTC

Return-Path: <bew@cisco.com>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id AFCAE12DA0A; Thu, 22 Feb 2018 12:03:38 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Brian Weis <bew@cisco.com>
To: <secdir@ietf.org>
Cc: draft-ietf-xrblock-rtcweb-rtcp-xr-metrics.all@ietf.org, iesg@ietf.org, xrblock@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.72.2
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <151932981864.8184.11842090487013149974@ietfa.amsl.com>
Date: Thu, 22 Feb 2018 12:03:38 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/a1RIGGWok5p0vBva7G8yVeqPrQ0>
Subject: [secdir] Secdir last call review of draft-ietf-xrblock-rtcweb-rtcp-xr-metrics-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Feb 2018 20:03:39 -0000

Reviewer: Brian Weis
Review result: Has Nits

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call

This document describes monitoring features related to media streams  in Web
real-time communication (WebRTC).  The monitoring features are sent in Sender
and Receiver Reports through RTCP along with other metrics related to the
transport of multimedia flows. The new monitoring features are comprised of
packet counts and other packet-related statistics (e.g., jitter).

The Security Considerations states that there are no additional security
considerations beyond those mentioned in related documents, and I believe this
is true. There is one reference in this section that needs to be fixed:
[RFC3792] is not correct. I assumed it should have been RFC 6792.

Also, it would be helpful to add a reference in Section 5.3 to RFC 7294 to
identify the source for "concealment metrics". A security reviewer will
naturally want to know what property "concealment" is intended to provide, and
it took some hunting down to find it and determine that it wasn't relevant.