Last Call Review of draft-ietf-avt-srtp-not-mandatory-
review-ietf-avt-srtp-not-mandatory-secdir-lc-hartman-2010-06-20-00
| Request | Review of | draft-ietf-avt-srtp-not-mandatory |
|---|---|---|
| Requested revision | No specific revision (document currently at 16) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2010-05-27 | |
| Requested | 2010-05-14 | |
| Authors | Colin Perkins , Magnus Westerlund | |
| I-D last updated | 2010-06-20 | |
| Completed reviews |
Genart Last Call review of -14
by Vijay K. Gurbani
(diff)
Secdir Last Call review of -?? by Sam Hartman |
|
| Assignment | Reviewer | Sam Hartman |
| State | Completed | |
| Request | Last Call review on draft-ietf-avt-srtp-not-mandatory by Security Area Directorate Assigned | |
| Completed | 2010-06-20 |
review-ietf-avt-srtp-not-mandatory-secdir-lc-hartman-2010-06-20-00
Hi. I've reviewed draft-ietf-avt-srtp-not-mandatory for the security directorate. The security ADs should read this draft very carefully, although I think that's obvious from the filename. However, after doing a careful reading of my own, I didn't find any problems. I might wish for a stronger statement in section 5 that particular profiles of RTP need to specify a mandatory to implement security mechanism. However, this is not a BCP, and I can understand why you wouldn't put that statement in an informational document. Also, it's a bit tricky to get that statement right, considering for example the implications of a profile of RTP that might of itself be a framework.