Last Call Review of draft-ietf-avtcore-multi-party-rtt-mix-16
review-ietf-avtcore-multi-party-rtt-mix-16-secdir-lc-salz-2021-05-06-00
| Request | Review of | draft-ietf-avtcore-multi-party-rtt-mix |
|---|---|---|
| Requested revision | No specific revision (document currently at 20) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2021-05-03 | |
| Requested | 2021-04-19 | |
| Authors | Gunnar Hellstrom | |
| I-D last updated | 2021-05-06 | |
| Completed reviews |
Opsdir Last Call review of -14
by Jürgen Schönwälder
(diff)
Secdir Last Call review of -16 by Rich Salz (diff) Genart Last Call review of -14 by Peter E. Yee (diff) |
|
| Assignment | Reviewer | Rich Salz |
| State | Completed | |
| Review |
review-ietf-avtcore-multi-party-rtt-mix-16-secdir-lc-salz-2021-05-06
|
|
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/WvgIjmQFMmjP7t1TSwtTV_u9Vko | |
| Reviewed revision | 16 (document currently at 20) | |
| Result | Ready | |
| Completed | 2021-05-06 |
review-ietf-avtcore-multi-party-rtt-mix-16-secdir-lc-salz-2021-05-06-00
This review is for the benefit of the Security AD's. Nobody else should read this. Or, if you read it, treat it as any other last call review :) I know very little about WebRTC, AVT, etc. I thought Section 1.2, summary of the alternatives, was great. I wish more documents did this kind of thing. And similar for all of section 2. The details in Section 3 about how to comply seem very clear. If I were implementing this, I could use easily use this as a checklist and test suite. Section 3.19 is the most important one for transport security. Not knowing the operating environments, it seems reasonable. The security considerations seems a little scant, given the opportunity for privacy concerns of participants and for intruders to disrupt calls. Is it common that the mixer is a trusted entity? A statement on that either way would be useful.