Last Call Review of draft-ietf-rtcweb-data-protocol-08
review-ietf-rtcweb-data-protocol-08-secdir-lc-hoffman-2014-10-30-00
| Request | Review of | draft-ietf-rtcweb-data-protocol |
|---|---|---|
| Requested revision | No specific revision (document currently at 09) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2014-10-24 | |
| Requested | 2014-10-16 | |
| Authors | Randell Jesup , Salvatore Loreto , Michael Tüxen | |
| I-D last updated | 2014-10-30 | |
| Completed reviews |
Genart Last Call review of -08
by Alexey Melnikov
(diff)
Secdir Last Call review of -08 by Paul E. Hoffman (diff) Opsdir Last Call review of -08 by Ron Bonica (diff) |
|
| Assignment | Reviewer | Paul E. Hoffman |
| State | Completed | |
| Request | Last Call review on draft-ietf-rtcweb-data-protocol by Security Area Directorate Assigned | |
| Reviewed revision | 08 (document currently at 09) | |
| Result | Ready | |
| Completed | 2014-10-30 |
review-ietf-rtcweb-data-protocol-08-secdir-lc-hoffman-2014-10-30-00
Greetings again. draft-ietf-rtcweb-data-protocol describes a protocol for establishing a symmetric data channel between two WebRTC peers. The protocol is simple and clear. The Security Considerations section fully admits that: This protocol does not provide privacy, integrity or authentication. It needs to be used as part of a protocol suite that contains all these things. Such a protocol suite is specified in [I-D.ietf-tsvwg-sctp-dtls-encaps]. In the context of WebRTC, that is a completely reasonable requirement, and it would make no sense to layer a home-built security protocol into the one described in the document. --Paul Hoffman