Last Call Review of draft-ietf-perc-private-media-framework-08
review-ietf-perc-private-media-framework-08-genart-lc-dunbar-2019-02-08-00

Request Review of draft-ietf-perc-private-media-framework
Requested rev. no specific revision (document currently at 12)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2019-02-13
Requested 2019-01-30
Draft last updated 2019-02-08
Completed reviews Secdir Last Call review of -08 by Vincent Roca (diff)
Genart Last Call review of -08 by Linda Dunbar (diff)
Tsvart Last Call review of -08 by Gorry Fairhurst (diff)
Secdir Telechat review of -10 by Vincent Roca (diff)
Genart Telechat review of -09 by Linda Dunbar (diff)
Assignment Reviewer Linda Dunbar
State Completed
Review review-ietf-perc-private-media-framework-08-genart-lc-dunbar-2019-02-08
Reviewed rev. 08 (document currently at 12)
Review result Not Ready
Review completed: 2019-02-08

Review
review-ietf-perc-private-media-framework-08-genart-lc-dunbar-2019-02-08

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-perc-private-media-framework-??
Reviewer: Linda Dunbar
Review Date: 2019-02-08
IETF LC End Date: 2019-02-13
IESG Telechat date: Not scheduled for a telechat

Summary:
This document describes a solution framework for ensuring that media
confidentiality and integrity are maintained end-to-end.  

Major issues:
 The SRTP Master Key described in Section 6.4 is not listed in the Figure 4 Key Inventory. What is the relationship between the KEK listed in the Figure 4 Key Inventory and the SRTP Master Key?  

Section 6.3 talks about Key distributor sending KEK to endpoints.  Is it via untrusted network?  how to prevent the KEK from leaking to other points? 
 Is KEK same as EKT Key? if yes, why use two names? it is confusing. 

Section 5: the first paragraph says that the "Key requirements are that endpoint can verify it is connected to the correct Key Distributor..", But How? can you include a reference to the method? 

Minor issues:

Nits/editorial comments: 
Section 3.2.2: is it a typo? extra "to" in the following sentence? 
"...is necessary to for proper conference-to-endpoint mappings."

Best Regards, 

Linda