Telechat Review of draft-ietf-avt-register-srtp-
review-ietf-avt-register-srtp-secdir-telechat-murphy-2010-04-25-00

I have reviewed this document as part of the security directorate's 


ongoing effort to review all IETF documents being processed by the IESG. 


These comments were written primarily for the benefit of the security area 


directors.  Document editors and WG chairs should treat these comments 


just like any other last call comments.






This document resolves a conflict between IETF process and SRTP 


registration process, wrt country specific cryptographic transforms.  The 


IETF process requires that such transforms be published as informational 


rfcs, but the SRTP documentation requires a standards track RFC for 


extensions to SRTP.






This document modifies RFC3711 and RFC4568 to allow either informational 


RFCs or standards RFCs as the basis of registration in IANA's SRTP Cyrpto 


Suite Registrations.






There are no security concerns that I can see that would result from this 


modification.






(I have one idle question.  If the crypto suites are only required to be 


informational, does that mean that the interoperability requirement for 


standards progress would not apply to the crypto transforms?  I do not 


suggest that this is a problem that needs to be addressed.)




--Sandy