[secdir] Secdir last call review of draft-ietf-xrblock-rtcweb-rtcp-xr-metrics-08
Brian Weis <email@example.com> Thu, 22 February 2018 20:03 UTC
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id AFCAE12DA0A; Thu, 22 Feb 2018 12:03:38 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
From: Brian Weis <firstname.lastname@example.org>
Cc: email@example.com, firstname.lastname@example.org, email@example.com
Date: Thu, 22 Feb 2018 12:03:38 -0800
Subject: [secdir] Secdir last call review of draft-ietf-xrblock-rtcweb-rtcp-xr-metrics-08
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:firstname.lastname@example.org?subject=unsubscribe>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:email@example.com?subject=subscribe>
X-List-Received-Date: Thu, 22 Feb 2018 20:03:39 -0000
Reviewer: Brian Weis Review result: Has Nits I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes monitoring features related to media streams in Web real-time communication (WebRTC). The monitoring features are sent in Sender and Receiver Reports through RTCP along with other metrics related to the transport of multimedia flows. The new monitoring features are comprised of packet counts and other packet-related statistics (e.g., jitter). The Security Considerations states that there are no additional security considerations beyond those mentioned in related documents, and I believe this is true. There is one reference in this section that needs to be fixed: [RFC3792] is not correct. I assumed it should have been RFC 6792. Also, it would be helpful to add a reference in Section 5.3 to RFC 7294 to identify the source for "concealment metrics". A security reviewer will naturally want to know what property "concealment" is intended to provide, and it took some hunting down to find it and determine that it wasn't relevant.
- [secdir] Secdir last call review of draft-ietf-... Brian Weis
- Re: [secdir] [xrblock] Secdir last call review ... Huangyihong (Rachel)