Last Call Review of draft-holmberg-dispatch-rfc7315-updates-07
review-holmberg-dispatch-rfc7315-updates-07-secdir-lc-hanna-2016-07-14-00

Request
  Review of: draft-holmberg-dispatch-rfc7315-updates
  Requested rev.: no specific revision (document currently at 09)
  Type: Last Call Review
  Team: Security Area Directorate (secdir)
  Deadline: 2016-07-18
  Requested: 2016-06-23
  Draft last updated: 2016-07-14
  Completed reviews:
    Genart Last Call review of -07 by Ralph Droms
    Genart Telechat review of -07 by Ralph Droms
    Secdir Last Call review of -07 by Steve Hanna
    Opsdir Last Call review of -05 by Ron Bonica
Assignment
  Reviewer: Steve Hanna
  State: Completed
  Review: review-holmberg-dispatch-rfc7315-updates-07-secdir-lc-hanna-2016-07-14
  Reviewed rev.: 07 (document currently at 09)
  Review result: Has Nits
  Review completed: 2016-07-14

Review

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document updates RFC 7315 by changing restrictions on where
certain SIP private header extensions may be included, in order to
address new 3GPP use cases.

This document is Ready with nits.

I know little about SIP or 3GPP. I do know security, though.

After reading this document and also reading the Security
Considerations section of RFC 7315, I believe that this document
is OK from a security standpoint. Few new security issues are
raised by this document and those that arise are properly
documented in the Security Considerations section of this
document. However, there are a few typos in the Security
Considerations section.

* The second sentence of the Security Considerations section
   ends with "the security considerations and assumptions (e.g.
   regarding only sending information to trusted entities) also
   to those messages." This clause is missing a verb. Maybe the
   word "apply" should appear before "to those messages". Also,
   greater clarity could be achieved by changing "the security
   considerations and assumptions" in that sentence fragment to
   "the security considerations and assumptions described in
   RFC 7315".

* In the third sentence of the Security Considerations section,
   "disallow" should be "disallows" and "message" should be
   "messages".

* In the fourth sentence of the Security Considerations section,
   "if a header field occur" should be "if a header field occurs".

With these minor changes, I think the document will be ready
to go from a security standpoint.

Thanks,

Steve