Last Call Review of draft-ietf-rtcweb-data-protocol-08
review-ietf-rtcweb-data-protocol-08-secdir-lc-hoffman-2014-10-30-00

Request Review of draft-ietf-rtcweb-data-protocol
Requested rev. no specific revision (document currently at 09)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2014-10-24
Requested 2014-10-16
Draft last updated 2014-10-30
Completed reviews Genart Last Call review of -08 by Alexey Melnikov (diff)
Secdir Last Call review of -08 by Paul Hoffman (diff)
Opsdir Last Call review of -08 by Ron Bonica (diff)
Assignment Reviewer Paul Hoffman
State Completed
Review review-ietf-rtcweb-data-protocol-08-secdir-lc-hoffman-2014-10-30
Reviewed rev. 08 (document currently at 09)
Review result Ready
Review completed: 2014-10-30

Review
review-ietf-rtcweb-data-protocol-08-secdir-lc-hoffman-2014-10-30

Greetings again. draft-ietf-rtcweb-data-protocol describes a protocol for establishing a symmetric data channel between two WebRTC peers. The protocol is simple and clear.

The Security Considerations section fully admits that:
   This protocol does not provide privacy, integrity or authentication.
   It needs to be used as part of a protocol suite that contains all
   these things.  Such a protocol suite is specified in
   [I-D.ietf-tsvwg-sctp-dtls-encaps].
In the context of WebRTC, that is a completely reasonable requirement, and it would make no sense to layer a home-built security protocol into the one described in the document.

--Paul Hoffman