Telechat Review of draft-ietf-avtext-client-to-mixer-audio-level-
review-ietf-avtext-client-to-mixer-audio-level-genart-telechat-melnikov-2011-11-18-00

Request Review of draft-ietf-avtext-client-to-mixer-audio-level
Requested rev. no specific revision (document currently at 06)
Type Telechat Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2011-11-01
Requested 2011-11-01
Authors Jonathan Lennox, Enrico Marocco, Emil Ivov
Draft last updated 2011-11-18
Completed reviews Genart Telechat review of -?? by Alexey Melnikov
Secdir Telechat review of -?? by Tero Kivinen
Assignment Reviewer Alexey Melnikov 
State Completed
Review review-ietf-avtext-client-to-mixer-audio-level-genart-telechat-melnikov-2011-11-18
Review completed: 2011-11-18

Review
review-ietf-avtext-client-to-mixer-audio-level-genart-telechat-melnikov-2011-11-18

I have been selected as the General Area Review Team (Gen-ART)


reviewer for this draft. For background on Gen-ART, please see the FAQ 


at <

http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>




Please resolve these comments along with any other comments you may receive.

Document: draft-ietf-avtext-client-to-mixer-audio-level-05.txt
Reviewer: Alexey Melnikov
Review Date: 2011-09-25
IETF LC End Date: 2011-10-04
IESG Telechat date:

Summary: The document is ready for publication as a standards track RFC.

Major issues: none

Minor issues:



Question: are the two encoding of the audio level indication option 


specified in the document really necessary?




Nits/editorial comments:

6.  Security Considerations

   A malicious endpoint could choose to set the values in this header
   extension falsely, so as to falsely claim that audio or voice is or
   is not present.  It is not clear what could be gained by falsely
   claiming that audio is not present, but an endpoint falsely claiming
   that audio is present could perform a denial-of-service attack on an
   audio conference, so as to send silence to suppress other conference
   members' audio.  Thus, if a device relys on audio level data from

s/relys/relies ???

   untrusted endpoints, it SHOULD periodically audit the level