Last Call Review of draft-ietf-clue-telepresence-requirements-06
review-ietf-clue-telepresence-requirements-06-secdir-lc-salowey-2013-12-05-00
| Request | Review of | draft-ietf-clue-telepresence-requirements |
|---|---|---|
| | Requested revision | No specific revision (document currently at 07) |
| | Type | Last Call Review |
| | Team | Security Area Directorate (secdir) |
| | Deadline | 2013-11-27 |
| | Requested | 2013-10-31 |
| | Authors | Dr. Allyn Romanow, Stephen Botzko, Mary Barnes |
| | I-D last updated | 2013-12-05 |
| | Completed reviews | Genart Last Call review of -06 by Dan Romascanu (diff); Genart Telechat review of -07 by Dan Romascanu; Secdir Last Call review of -06 by Joseph A. Salowey (diff) |
| Assignment | Reviewer | Joseph A. Salowey |
| | State | Completed |
| | Request | Last Call review on draft-ietf-clue-telepresence-requirements by Security Area Directorate Assigned |
| | Reviewed revision | 06 (document currently at 07) |
| | Result | Has issues |
| | Completed | 2013-12-05 |
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This draft is ready with some minor issues.

The draft discusses requirements for multi-stream telepresence. I don't know much about telepresence, but the draft seems straightforward. It does include a single requirement about security and it does have a security considerations section. Although I might like a bit more description about what "secure exchange" means, I think it is probably sufficient. The type of information that might be useful is what type of attacks or threats is of concern? For example, does the information need to be secured against disclosure or modification by intermediaries, or does it have to allow modification by intermediaries?

The one other question is whether the information about media captures has any privacy considerations. For example, is there geo-location or identity information exchanged? Are there any long-term identifiers used? If there is something that we know is going to be exchanged that is sensitive, then it would probably be worth including in the requirements. It didn't seem that this type of data was required, so this is probably more of a consideration for the protocol spec.

Cheers,

Joe