Last Call Review of draft-ietf-avt-srtp-not-mandatory-
review-ietf-avt-srtp-not-mandatory-secdir-lc-hartman-2010-06-20-00
Request | Review of | draft-ietf-avt-srtp-not-mandatory |
---|---|---|
Requested revision | No specific revision (document currently at 16) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2010-05-27 | |
Requested | 2010-05-14 | |
Authors | Colin Perkins , Magnus Westerlund | |
I-D last updated | 2010-06-20 | |
Completed reviews |
Genart Last Call review of -14
by Vijay K. Gurbani
(diff)
Secdir Last Call review of -?? by Sam Hartman |
|
Assignment | Reviewer | Sam Hartman |
State | Completed | |
Request | Last Call review on draft-ietf-avt-srtp-not-mandatory by Security Area Directorate Assigned | |
Completed | 2010-06-20 |
review-ietf-avt-srtp-not-mandatory-secdir-lc-hartman-2010-06-20-00
Hi. I've reviewed draft-ietf-avt-srtp-not-mandatory for the security directorate. The security ADs should read this draft very carefully, although I think that's obvious from the filename. However, after doing a careful reading of my own, I didn't find any problems. I might wish for a stronger statement in section 5 that particular profiles of RTP need to specify a mandatory to implement security mechanism. However, this is not a BCP, and I can understand why you wouldn't put that statement in an informational document. Also, it's a bit tricky to get that statement right, considering for example the implications of a profile of RTP that might of itself be a framework.