Last Call Review of draft-ietf-bfcpbis-rfc4582bis-13
review-ietf-bfcpbis-rfc4582bis-13-secdir-lc-gudmundsson-2015-03-12-00

Request Review of draft-ietf-bfcpbis-rfc4582bis
Requested revision No specific revision (document currently at 16)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2015-03-03
Requested 2015-03-02
Authors Gonzalo Camarillo , Keith Drage , Tom Kristensen , Joerg Ott , Charles Eckel
I-D last updated 2015-03-12
Completed reviews Genart Last Call review of -13 by Suresh Krishnan (diff)
Secdir Last Call review of -13 by Ólafur Guðmundsson (diff)
Assignment Reviewer Ólafur Guðmundsson
State Completed
Request Last Call review on draft-ietf-bfcpbis-rfc4582bis by Security Area Directorate Assigned
Reviewed revision 13 (document currently at 16)
Result Has nits
Completed 2015-03-12
review-ietf-bfcpbis-rfc4582bis-13-secdir-lc-gudmundsson-2015-03-12-00
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.



These comments were written with the intent of improving security requirements
and considerations in IETF drafts.



Comments not addressed in last call may be included in AD reviews during the
IESG review.



Document editors and WG chairs should treat these comments just like any other
last call comments.





This document is a replacement document for RFC4582







The document is well written and is ready to be published with a Nit.

I did not look for textual nits only evaluated



the document from security perspective.







Authenticaion and message integrity are recommended but outsourced to



TLS, and DTLS.





Nit: The security section does address the issues of pervasive monitoring.



It does not provide any information what an obsever



may learn by sniffing traffic at the BFCP server, i.e. other than



discover participants IP addresses, possibly their identies depending



on how authentication is done, as well as their roles and actions?



Olafur