[Sipbrandy] Opsdir last call review of draft-ietf-sipbrandy-rtpsec-07

Dan Romascanu <dromasca@gmail.com> Tue, 26 February 2019 10:16 UTC

To: <ops-dir@ietf.org>
Cc: sipbrandy@ietf.org, draft-ietf-sipbrandy-rtpsec.all@ietf.org, ietf@ietf.org, dromasca@gmail.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipbrandy/qRqwBVLcJJgtUf9L2nKu5YI72BU>

Reviewer: Dan Romascanu
Review result: Ready

This document, with an intended status of BCP, describes best practices for
negotiating confidential media with SIP, which include two approaches:
comprehensive protection solutions which bind the media to SIP-layer
identities, and opportunistic security solutions.

The document is Ready from an OPS-DIR point of view.

As the document does not define new protocols but rather refers to existing
specifications, a full RFC 5706 review does not apply.

I have two non-blocking comments from an operational point of view:

1. The two approaches seem to differ in several aspects, including the
maturity of the specification. Comprehensive protection relies on a set of
stable RFCs, while opportunistic solutions refer to two work-in-progress IDs. It
would be useful to mention this, and maybe include a comparative list of
features which would help in selecting the appropriate solution from case to
case.

2. We are missing in the SIP realm some documentation about the impact of
applying the various confidentiality approaches on manageability. For example,
is observability impacted? Can session statistics be retrieved and error
conditions signaled? Do approaches like RTCP-XR still apply? Maybe this BCP can
be a good place for such an operational considerations section.