Last Call Review of draft-ietf-clue-telepresence-requirements-06
review-ietf-clue-telepresence-requirements-06-secdir-lc-salowey-2013-12-05-00

Request
  Review of: draft-ietf-clue-telepresence-requirements
  Requested revision: No specific revision (document currently at 07)
  Type: Last Call Review
  Team: Security Area Directorate (secdir)
  Deadline: 2013-11-27
  Requested: 2013-10-31
  Authors: Dr. Allyn Romanow, Stephen Botzko, Mary Barnes
  I-D last updated: 2013-12-05
  Completed reviews:
    Genart Last Call review of -06 by Dan Romascanu
    Genart Telechat review of -07 by Dan Romascanu
    Secdir Last Call review of -06 by Joseph A. Salowey
Assignment
  Reviewer: Joseph A. Salowey
  State: Completed
  Request: Last Call review on draft-ietf-clue-telepresence-requirements by Security Area Directorate, Assigned
  Reviewed revision: 06 (document currently at 07)
  Result: Has issues
  Completed: 2013-12-05

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This draft is ready with some minor issues.

The draft discusses requirements for multi-stream telepresence.  I don't know
much about telepresence, but the draft seems straightforward.  It does include
a single requirement about security and it does have a security considerations
section.  Although I might like a bit more description about what "secure
exchange" means, I think it is probably sufficient.  The type of information
that might be useful is what type of attacks or threats are of concern?  For
example, does the information need to be secured against disclosure or modification
by intermediaries, or does it have to allow modification by intermediaries?

The one other question is whether the information about media captures has any
privacy considerations.  For example, is there geo-location or identity
information exchanged?  Are there any long-term identifiers used?  If there is
something that we know is going to be exchanged that is sensitive, then it would
probably be worth including in the requirements.  It didn't seem that this type
of data was required, so this is probably more of a consideration for the
protocol spec.

Cheers,

Joe