Last Call Review of draft-ietf-mmusic-data-channel-sdpneg-24
review-ietf-mmusic-data-channel-sdpneg-24-secdir-lc-hanna-2019-03-14-00

Request Review of draft-ietf-mmusic-data-channel-sdpneg
Requested rev. no specific revision (document currently at 26)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2019-03-18
Requested 2019-03-04
Other Reviews Tsvart Last Call review of -24 by Michael Tüxen (diff)
Genart Telechat review of -25 by Linda Dunbar (diff)
Review State Completed
Reviewer Steve Hanna
Review review-ietf-mmusic-data-channel-sdpneg-24-secdir-lc-hanna-2019-03-14
Posted at https://mailarchive.ietf.org/arch/msg/secdir/y7Dlsq3y3YLjrYf3HPO2Dmh979A
Reviewed rev. 24 (document currently at 26)
Review result Has Nits
Draft last updated 2019-03-14
Review completed: 2019-03-14

Review
review-ietf-mmusic-data-channel-sdpneg-24-secdir-lc-hanna-2019-03-14

Review result: Ready with nits
Reviewer: Steve Hanna

I reviewed this document as part of the Security Directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the Security Area
Directors.  Document authors, document editors, and WG chairs should
treat these comments just like any other IETF Last Call comments.

This document specifies how the SDP (Session Description Protocol)
offer/answer exchange can be used to achieve an out-of-band non-DCEP
negotiation for establishing a data channel.

Major Concerns:

None

Minor Concerns:

The last sentence in the Security Considerations section says:

   Error cases like the use of unknown parameter values or violation the
   odd/even rule must be handled by closing the corresponding Data
   Channel.

I suspect that the "must" in this sentence should be "MUST". Nothing else in
the document seems to state this requirement but it does seem necessary.

Nits:

This document has many small English language errors.  For example, the
first paragraph of the Introduction has three things that need to be
corrected:
- s/a bi-directional data channels/bi-directional data channels/
- s/prtocols/protocols/
- s/an endpoint applications/endpoint applications/

Please enlist a native English speaker as a proofreader.