Last Call Review of draft-ietf-avtcore-aria-srtp-09
review-ietf-avtcore-aria-srtp-09-secdir-lc-laurie-2017-06-29-00

Request Review of draft-ietf-avtcore-aria-srtp
Requested rev. no specific revision (document currently at 11)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-06-29
Requested 2017-06-15
Draft last updated 2017-06-29
Completed reviews Genart Last Call review of -07 by Alexey Melnikov (diff)
Secdir Last Call review of -06 by Ben Laurie (diff)
Opsdir Last Call review of -06 by Jouni Korhonen (diff)
Genart Last Call review of -09 by Meral Shirazipour (diff)
Secdir Last Call review of -09 by Ben Laurie (diff)
Assignment Reviewer Ben Laurie
State Completed
Review review-ietf-avtcore-aria-srtp-09-secdir-lc-laurie-2017-06-29
Reviewed rev. 09 (document currently at 11)
Review result Has Nits
Review completed: 2017-06-29

Review
review-ietf-avtcore-aria-srtp-09-secdir-lc-laurie-2017-06-29

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The summary of the review is ready with nits.

This is essentially a drop-in replacement of AES for SRTP with ARIA, a
cipher I've never heard of.

Because it is a drop-in replacement, it uses SHA-1. Probably it would
be better practice to update the hash function to something more
modern.

The I-D also somewhat eccentrically says that no security problems
have been found with ARIA whilst referencing a paper on a
meet-in-the-middle attack on reduced round ARIA. I am not sure what to
make of this, though clearly it is not a fatal flaw.