Last Call Review of draft-ietf-bfcpbis-sdp-ws-uri-07
review-ietf-bfcpbis-sdp-ws-uri-07-secdir-lc-hoffman-2017-01-05-00
| Request | Review of | draft-ietf-bfcpbis-sdp-ws-uri |
|---|---|---|
| Requested revision | No specific revision (document currently at 09) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2017-01-12 | |
| Requested | 2016-12-22 | |
| Authors | Ram R , Gonzalo Salgueiro | |
| I-D last updated | 2017-01-05 | |
| Completed reviews |
Genart Last Call review of -07
by Joel M. Halpern
(diff)
Secdir Last Call review of -07 by Paul E. Hoffman (diff) |
|
| Assignment | Reviewer | Paul E. Hoffman |
| State | Completed | |
| Request | Last Call review on draft-ietf-bfcpbis-sdp-ws-uri by Security Area Directorate Assigned | |
| Reviewed revision | 07 (document currently at 09) | |
| Result | Ready | |
| Completed | 2017-01-05 |
review-ietf-bfcpbis-sdp-ws-uri-07-secdir-lc-hoffman-2017-01-05-00
This document specifies extensions to SDP that can be used by application protocols (most likely SIP endpoints) that rely on WebSocket as a transport. For this, they need a URI that will appear in an SDP attribute. The Security Considerations section of the document adequately covers the problems with creating this SDP attribute to carry the URI, namely that SDP can be run either with or without authentication in the message and transport. The security considerations say that the entities SHOULD use S/MIME and TLS for these; this common-sense suggestions apply to all use of SDP, and is no more important here than for other uses of SDP. --Paul Hoffman