Last Call Review of draft-ietf-avtcore-srtp-encrypted-header-ext-04
review-ietf-avtcore-srtp-encrypted-header-ext-04-secdir-lc-kelly-2013-01-25-00

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
 Document editors and WG chairs should treat these comments just like any other
last call comments.

This document describes a modification to the SRTP protocol, wherein header
fields which have previously only been protected with authentication may now
also be protected with (authenticated) encryption. The document is detailed and
well-written, and the document text, together with the security considerations
section, seems to address all relevant concerns.

I want to qualify my comments: I had relatively short notice for this document
review, I have no prior experience with SRTP, and I have been very busy with
post-Holiday catch-up, so I have to apologize for not giving this document more
attention. On the other hand, there are a number of highly respected reviewers
mentioned in the acknowledgements section, so I think odds are good that this
document raises no serious concerns.

--Scott