Last Call Review of draft-ietf-avtcore-multi-media-rtp-session-11
review-ietf-avtcore-multi-media-rtp-session-11-secdir-lc-huitema-2015-12-10-00
Request | Review of | draft-ietf-avtcore-multi-media-rtp-session |
---|---|---|
Requested revision | No specific revision (document currently at 13) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2015-12-09 | |
Requested | 2015-11-26 | |
Authors | Magnus Westerlund , Colin Perkins , Jonathan Lennox | |
I-D last updated | 2015-12-10 | |
Completed reviews |
Genart Last Call review of -11
by Meral Shirazipour
(diff)
Secdir Last Call review of -11 by Christian Huitema (diff) Opsdir Last Call review of -11 by Warren "Ace" Kumari (diff) |
|
Assignment | Reviewer | Christian Huitema |
State | Completed | |
Request | Last Call review on draft-ietf-avtcore-multi-media-rtp-session by Security Area Directorate Assigned | |
Reviewed revision | 11 (document currently at 13) | |
Result | Ready | |
Completed | 2015-12-10 |
review-ietf-avtcore-multi-media-rtp-session-11-secdir-lc-huitema-2015-12-10-00
I reviewed this document as part of the Security Directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the Security Area Directors. Document authors, document editors, and WG chairs should treat these comments just like any other IETF Last Call comments. Version reviewed: draft-ietf-avtcore-multi-media-rtp-session-10 Summary: Ready The draft proposes to allow RTP streams to carry multiple media streams, relaxing the opposite requirement expressed in RFC 3550 and RFC 3551. The draft is well written and easy to understand, from the motivation of easier session establishment to the various details of RTP that have to be taken care of. The security session addresses the main security implication of carrying multiple media in a single stream. Whereas previous each media could be secured independently, all media multiplexed on a single stream will share the same security protections. This can be positive if the security of all meets the most stringent requirement, or negative if the implementers picked a lowest common denominator. I don't believe that there is much of a practical concern there. Note: I mistakenly sent previously a review for draft-westerlund-avtcore-multi-media-rtp-session-11, the version of this draft before WG adoption. The final version contains many improvements, but the security considerations are unchanged. -- Christian Huitema