[secdir] Secdir Last Call Review of draft-ietf-mmusic-data-channel-sdpneg-24

"Steve Hanna" <steve01@hannas.com> Mon, 11 March 2019 00:41 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/y7Dlsq3y3YLjrYf3HPO2Dmh979A>

Review result: Ready with nits
Reviewer: Steve Hanna

I reviewed this document as part of the Security Directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the Security Area
Directors.  Document authors, document editors, and WG chairs should
treat these comments just like any other IETF Last Call comments.

This document specifies how the SDP (Session Description Protocol)
offer/answer exchange can be used to achieve an out-of-band non-DCEP
negotiation for establishing a data channel.

Major Concerns:

None

Minor Concerns:

The last sentence in the Security Considerations section says:

   Error cases like the use of unknown parameter values or violation the
   odd/even rule must be handled by closing the corresponding Data
   Channel.

I suspect that the "must" in this sentence should be "MUST". Nothing else in
the document seems to state this requirement but it does seem necessary.

Nits:

This document has many small English language errors.  For example, the
first paragraph of the Introduction has three things that need to be
corrected:
- s/a bi-directional data channels/bi-directional data channels/
- s/prtocols/protocols/
- s/an endpoint applications/endpoint applications/

Please enlist a native English speaker as a proofreader.