[secdir] Secdir review of draft-ietf-tsvwg-rtcweb-qos

"Paul Hoffman" <paul.hoffman@vpnc.org> Sun, 27 March 2016 20:59 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 093C712D1C0 for <secdir@ietfa.amsl.com>; Sun, 27 Mar 2016 13:59:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GGF89_TSfFx4 for <secdir@ietfa.amsl.com>; Sun, 27 Mar 2016 13:59:33 -0700 (PDT)
Received: from mail.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D98C12D141 for <secdir@ietf.org>; Sun, 27 Mar 2016 13:59:33 -0700 (PDT)
Received: from [10.32.60.32] (50-1-98-216.dsl.dynamic.fusionbroadband.com [50.1.98.216]) (authenticated bits=0) by mail.proper.com (8.15.2/8.14.9) with ESMTPSA id u2RKxWIW062753 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <secdir@ietf.org>; Sun, 27 Mar 2016 13:59:33 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: mail.proper.com: Host 50-1-98-216.dsl.dynamic.fusionbroadband.com [50.1.98.216] claimed to be [10.32.60.32]
From: "Paul Hoffman" <paul.hoffman@vpnc.org>
To: secdir <secdir@ietf.org>
Date: Sun, 27 Mar 2016 13:59:31 -0700
Message-ID: <0361809E-945E-4E7F-95CE-126A98FD0ECC@vpnc.org>
MIME-Version: 1.0
Content-Type: text/plain; format=flowed
X-Mailer: MailMate (1.9.4r5234)
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/cmLwKQWV3-f2yoO-URxlSLNoF3Q>
Subject: [secdir] Secdir review of draft-ietf-tsvwg-rtcweb-qos
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Mar 2016 20:59:35 -0000

The extremely short Security Considerations section is actually fine:
    This specification does not add any additional security implications
    beyond those addressed in the following DSCP-related specifications.
    For security implications on use of DSCP, please refer to Section 7
    of [RFC7657] and Section 6 of [RFC4594].  Please also see
    [I-D.ietf-rtcweb-security] as an additional reference.
That is, suggesting adding a QOS value to a certain kind of packet 
doesn't add any security concerns beyond QOS that exists before now.

--Paul Hoffman