Telechat Review of draft-ietf-mmusic-connectivity-precon-

Request Review of draft-ietf-mmusic-connectivity-precon
Requested rev. no specific revision (document currently at 07)
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2009-11-16
Requested 2009-10-22
Authors Flemming Andreasen, David Oran, Dan Wing, Gonzalo Camarillo
Draft last updated 2009-11-02
Completed reviews Secdir Last Call review of -?? by Stephen Kent
Secdir Telechat review of -?? by Stephen Kent
Assignment Reviewer Stephen Kent 
State Completed
Review review-ietf-mmusic-connectivity-precon-secdir-telechat-kent-2009-11-02
Review completed: 2009-11-02



Re: review of

I re-reviewed this
document as part of the security directorate's ongoing effort to
review all IETF documents being processed by the IESG.  In the
re-review I examined only on the text that the authors said was
changed in response to my comments.

In my initial
review I said that the text about using suitable authentication and
integrity mechanisms in this context was too vague to be useful and
hat it should cite specific recommendations (via RFCs).

The authors have
revised the relevant text and it is better. The revised text elicited
a comment from Sam Hartman that SIP Identity (RFC 4474) should be
cited. I agree with this suggestion, but believe that the current cite
for using S/MIME with SDP [RFC 3261] also should be retained, until
such time as the RAI area decides to move it to

I think the
expanded discussion of DoS concerns is better as well, even though no
explicit threat model has been provided.

I did note a
grammatical error:

"This attack would result in a poor user's experience
..."  ->

"This attack would result in a poor user experience