Last Call Review of draft-ietf-mmusic-latching-05
review-ietf-mmusic-latching-05-secdir-lc-takahashi-2014-05-22-00

Request Review of draft-ietf-mmusic-latching
Requested rev. no specific revision (document currently at 08)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2014-05-28
Requested 2014-05-15
Other Reviews Genart Last Call review of -05 by Elwyn Davies (diff)
Review State Completed
Reviewer Takeshi Takahashi
Review review-ietf-mmusic-latching-05-secdir-lc-takahashi-2014-05-22
Posted at https://www.ietf.org/mail-archive/web/secdir/current/msg04800.html
Reviewed rev. 05 (document currently at 08)
Review result Ready
Draft last updated 2014-05-22
Review completed: 2014-05-22

Review
review-ietf-mmusic-latching-05-secdir-lc-takahashi-2014-05-22

Hello,

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This document describes the behavior of signaling intermediaries in RTC
deployments when performing hosted NAT traversal (HNT).	
The document begins with summarizing the problems with NAT traversal for
protocols such as SIP, and then outlines HNT and the latching mechanism that
approach the problems.
Nevertheless, this document is not recommending the use of latching.
Instead, the document alerts its use and elaborates its security concerns in
Section 5 "Security considerations" by showing several examples.
The security consideration covers issues such as DoS-resistance/resource
exhaustion, impersonation and addresses the use of encryption mechanism.

It is an interesting, tutorial-like document, and I think this document is
ready.

According to the mmusic mailing list, the security consideration section has
been discussed from the early stage of this draft, so the section also seems
to be mature, IMHO.
A bit of editorial review would be helpful.

1. It could be helpful if you could spell out the abbreviations when they
appear at the first time (e.g., UAC, UAS, SIP, SDP, and SBC), not at the
second time.
2. In section 1: " and described in [RFC3424]" should be "as described in
[RFC3424]"?
3. In section 4: "from from" -> "from" ?

The review was based on the document uploaded at


https://datatracker.ietf.org/doc/draft-ietf-mmusic-latching/

 .

By the way, if RTC and SBC are used as the identical terms in this document,
why do we use the term RTC (Real Time Communication) in the document tile
while we use the term SBC in the main body texts?
In any case, it is a very minor comment, and I think the draft is ready to
move forward.

Take