
Last Call Review of draft-ietf-p2psip-concepts-08
review-ietf-p2psip-concepts-08-secdir-lc-perlman-2016-03-10-00

Request Review of draft-ietf-p2psip-concepts
Requested revision No specific revision (document currently at 09)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2016-03-04
Requested 2016-02-25
Authors David A. Bryan , Philip Matthews , Eunsoo Shim , Dean Willis , Spencer Dawkins
I-D last updated 2016-03-10
Completed reviews Secdir Last Call review of -08 by Radia Perlman
Opsdir Last Call review of -08 by Tim Chown
Assignment Reviewer Radia Perlman
State Completed
Request Last Call review on draft-ietf-p2psip-concepts by Security Area Directorate Assigned
Reviewed revision 08 (document currently at 09)
Result Has issues
Completed 2016-03-10
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

This document is titled "Concepts and Terminology for Peer to Peer SIP", and as
such would have no security considerations, as noted in the document.

However, this document describes how to discover which host a client is at,
instead of using a SIP proxy, by using a peer-to-peer network and DHT.

I'd have liked a motivation for why this would be a preferable mechanism.  It
seems like it would be less secure, in that more things will need to be
trusted.  And furthermore, as this document says in section 5.4:

"The P2PSIP WG does not impose a particular mechanism for how the
 peer-ID and the credentials are obtained, but the RELOAD protocol
 does specify the format for the configuration information."

I'd think the hard problems would be things like who to get a credential from
for joining the peer-to-peer group of proxies, and how that entity would decide
whether you should be trusted to join the peer-to-peer group.  And if there is
such a trusted entity (a central administration), why wouldn't the whole
discovery process be more centralized?

Also, with a peer-to-peer DHT, it seems like there are more things that need to
be trusted.  Any of them acting maliciously can cause incorrect answers.

Admittedly, I didn't read all the background documents.

There's a minor typo in section 2.2, clearly a cut and paste error:

"A special peer may be a member of the in the P2PSIP overlay"

Radia
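As an added illustration of the trust point made in this review (this is constructed example code, not part of the review, of the draft, or of RELOAD), the following Python simulation resolves a SIP address-of-record through a small peer-to-peer overlay. The lookup walks from a starting peer along the identifier ring until a peer claims the key, so every peer on that path could have answered in place of the responsible one; when one of them is malicious it returns a contact under its own control. Signing the stored record with the registrant's key lets the querier reject the forgery, but only if the querier can obtain the registrant's public key from somewhere, which is exactly the credential question raised above, and a rejected forgery still leaves the querier with no answer. The peer names, the two addresses (taken from documentation ranges), the successor-walk lookup, and the demo-sized Schnorr-style signature scheme and its parameters are all assumptions made for the example.

```python
"""Constructed toy: resolving a SIP address-of-record (AoR) through a P2P
overlay instead of a SIP proxy.  Every peer on the lookup path must be trusted:
one malicious peer can return a wrong answer.  Signed records let a querier
reject forgeries (not withheld answers) if it can get the registrant's key.
Not RELOAD and not code from draft-ietf-p2psip-concepts."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field
from secrets import randbelow

# Toy Schnorr-style signatures in a demo-sized group: p = 2q + 1 = 2039,
# q = 1019, g = 2^2 has order q.  A real overlay uses certificates, not this.
P, Q, G = 2039, 1019, 4

def keygen() -> tuple[int, int]:
    x = randbelow(Q - 1) + 1                     # private scalar in [1, q-1]
    return x, pow(G, x, P)                       # (private, public)

def _challenge(r: int, msg: str) -> int:
    digest = hashlib.sha256(f"{r}|{msg}".encode()).digest()
    return int.from_bytes(digest, "big") % Q

def sign(x: int, msg: str) -> tuple[int, int]:
    k = randbelow(Q - 1) + 1
    e = _challenge(pow(G, k, P), msg)
    return e, (k + x * e) % Q

def verify(y: int, msg: str, sig: tuple[int, int]) -> bool:
    e, s = sig
    r = pow(G, s, P) * pow(y, (-e) % Q, P) % P   # g^s * y^(-e) == g^k
    return _challenge(r, msg) == e

def overlay_id(text: str) -> int:               # 32-bit ring position
    return int.from_bytes(hashlib.sha256(text.encode()).digest()[:4], "big")

@dataclass
class Record:
    aor: str
    contact: str
    sig: tuple[int, int]                         # over f"{aor}|{contact}"

@dataclass
class Peer:
    name: str
    private: int                                 # this peer's own credential
    malicious: bool = False
    store: dict[str, Record] = field(default_factory=dict)

    def forge(self, aor: str) -> Record:
        """Bad peer: answer any AoR with a contact it controls, signed with
        its own key because it does not hold the registrant's."""
        user = aor.split(":", 1)[1].split("@")[0]
        contact = f"sip:{user}@198.51.100.7"     # attacker-controlled host
        return Record(aor, contact, sign(self.private, f"{aor}|{contact}"))

class Overlay:
    def __init__(self, peers: list[Peer]):
        self.ring = sorted(peers, key=lambda p: overlay_id(p.name))

    def responsible(self, aor: str) -> Peer:     # successor rule, wrapping
        h = overlay_id(aor)
        return next((p for p in self.ring if overlay_id(p.name) >= h), self.ring[0])

    def lookup(self, aor: str, start: Peer) -> tuple[list[str], Record | None]:
        """Walk successors from `start` until a peer claims the key.  Every
        peer on the returned path could have answered in its place."""
        i, path = self.ring.index(start), []
        for _ in range(len(self.ring)):
            peer = self.ring[i]
            path.append(peer.name)
            if peer.malicious:
                return path, peer.forge(aor)
            if peer is self.responsible(aor):
                return path, peer.store.get(aor)
            i = (i + 1) % len(self.ring)
        return path, None

def resolve(ov: Overlay, aor: str, start: Peer, pubkey: int | None = None):
    """Client side.  With the registrant's public key (obtained out of band)
    a forgery is rejected, but the client still has no usable answer."""
    path, rec = ov.lookup(aor, start)
    if rec and (pubkey is None or verify(pubkey, f"{rec.aor}|{rec.contact}", rec.sig)):
        return path, rec.contact
    return path, None

def demo() -> dict:
    ov = Overlay([Peer(n, keygen()[0]) for n in ("p1", "p2", "p3", "p4", "p5")])
    priv, pub = keygen()                         # alice's credential
    aor, contact = "sip:alice@example.com", "sip:alice@192.0.2.10"
    ov.responsible(aor).store[aor] = Record(aor, contact, sign(priv, f"{aor}|{contact}"))
    # Query from two hops before the responsible peer; the hop between turns bad.
    r = ov.ring.index(ov.responsible(aor))
    start, bad = ov.ring[(r - 2) % 5], ov.ring[(r - 1) % 5]
    out = {}
    out["honest_path"], out["honest"] = resolve(ov, aor, start)
    bad.malicious = True
    out["unauthenticated"] = resolve(ov, aor, start)[1]
    out["signed"] = resolve(ov, aor, start, pub)[1]
    return out
```

Running `demo()` shows three outcomes for the same query: an honest three-hop path returns alice's real contact; with the middle hop malicious, an unauthenticated lookup returns the attacker's address; with alice's public key in hand the forged record is rejected and the result is `None`. The `honest_path` list is the set of peers a client had to trust for that one answer, which is the count the review contrasts with a single proxy.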