Last Call Review of draft-campbell-sip-messaging-smime-03
review-campbell-sip-messaging-smime-03-secdir-lc-xia-2018-10-08-00
| Request | Review of | draft-campbell-sip-messaging-smime |
|---|---|---|
| | Requested revision | No specific revision (document currently at 05) |
| | Type | Last Call Review |
| | Team | Security Area Directorate (secdir) |
| | Deadline | 2018-10-10 |
| | Requested | 2018-09-12 |
| | Authors | Ben Campbell, Russ Housley |
| | Draft last updated | 2018-10-08 |
| | Completed reviews | Secdir Last Call review of -03 by Liang Xia; Genart Last Call review of -03 by Peter E. Yee |
| Assignment | Reviewer | Liang Xia |
| | State | Completed |
| Review | | review-campbell-sip-messaging-smime-03-secdir-lc-xia-2018-10-08 |
| | Reviewed revision | 03 (document currently at 05) |
| | Result | Ready |
| | Completed | 2018-10-08 |
In general, this draft is clear and well written. I have 2 comments as below:

1. For Section 6, is it required to protect the UA capabilities negotiation messages? Have you considered the possible downgrade attack, like: the adversary tampers with the UA capabilities negotiation message to make the UA work without S/MIME?

2. For Section 12, is there any general way to defend against the attacks from malicious or compromised intermediaries mentioned in this section? Maybe some guidance would be helpful here.