Last Call Review of draft-ietf-avtcore-rtp-security-options-09

Request Review of draft-ietf-avtcore-rtp-security-options
Requested rev. no specific revision (document currently at 10)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2013-12-06
Requested 2013-11-25
Authors Magnus Westerlund, Colin Perkins
Draft last updated 2013-12-17
Completed reviews Genart Last Call review of -09 by Suresh Krishnan (diff)
Assignment Reviewer Suresh Krishnan
State Completed
Review review-ietf-avtcore-rtp-security-options-09-genart-lc-krishnan-2013-12-17
Reviewed rev. 09 (document currently at 10)
Review result Ready
Review completed: 2013-12-17


I have been selected as the General Area Review Team (Gen-ART) reviewer
for this draft (for background on Gen-ART, please see


Please wait for direction from your document shepherd or AD before
posting a new version of the draft.

Document: draft-ietf-avtcore-rtp-security-options-09.txt
Reviewer: Suresh Krishnan
Review Date: 2013/12/16
IESG Telechat date: 2013/12/19

Summary: This draft is ready for publication as an Informational RFC but 

I do have a few comments that the authors may wish to consider.


* Section 1

This sentence is a bit awkward

The IETF considers it important that protocols implement, and makes 

available to the user, secure modes of operation

Suggest rewording to something like

The IETF considers it important that protocols implement secure modes of 

operation and make them available to users.

* Section 2.1

I am not sure what this statement means. Can you please clarify?

"Here the combination of the security protocol protecting the RTP 

session and its RTP and RTCP traffic and the key-management protocol 

becomes important in which security statements one can do."

* Section 4.1.4

s/will be more relevant then/will be more relevant than/

This sentence is hard to read. Please consider rewording

"Commonly by provisioning the verifier with the public part of a root 

certificate, this enables the verifier to verify a trust chain from the 

root certificate down to the identity certificate."