Last Call Review of draft-ietf-payload-rtp-opus-07
review-ietf-payload-rtp-opus-07-secdir-lc-atkins-2015-03-02-00

Hi,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written with the intent of improving
security requirements and considerations in IETF drafts.  Comments
not addressed in last call may be included in AD reviews during the
IESG review.  Document editors and WG chairs should treat these
comments just like any other last call comments.

Summary:

Ready to publish with a question: I question why the use of SRTP is a
MAY and not a SHOULD (as detailed in the Security Considerations
section).  Considering PERPASS I believe this should be a SHOULD;
someone should have a very good reason why they are NOT using SRTP.

Details:

   This document defines the Real-time Transport Protocol (RTP) payload
   format for packetization of Opus encoded speech and audio data
   necessary to integrate the codec in the most compatible way.
   Further, it describes media type registrations for the RTP payload
   format.

I have no other comments on this document.

-derek

-- 
       Derek Atkins                 617-623-3745
       derek at ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant