Last Call Review of draft-ietf-rtcweb-data-protocol-08
review-ietf-rtcweb-data-protocol-08-secdir-lc-hoffman-2014-10-30-00
Request | Review of | draft-ietf-rtcweb-data-protocol |
---|---|---|
Requested revision | No specific revision (document currently at 09) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2014-10-24 | |
Requested | 2014-10-16 | |
Authors | Randell Jesup , Salvatore Loreto , Michael Tüxen | |
I-D last updated | 2014-10-30 | |
Completed reviews |
Genart Last Call review of -08
by Alexey Melnikov
(diff)
Secdir Last Call review of -08 by Paul E. Hoffman (diff) Opsdir Last Call review of -08 by Ron Bonica (diff) |
|
Assignment | Reviewer | Paul E. Hoffman |
State | Completed | |
Request | Last Call review on draft-ietf-rtcweb-data-protocol by Security Area Directorate Assigned | |
Reviewed revision | 08 (document currently at 09) | |
Result | Ready | |
Completed | 2014-10-30 |
review-ietf-rtcweb-data-protocol-08-secdir-lc-hoffman-2014-10-30-00
Greetings again. draft-ietf-rtcweb-data-protocol describes a protocol for establishing a symmetric data channel between two WebRTC peers. The protocol is simple and clear. The Security Considerations section fully admits that: This protocol does not provide privacy, integrity or authentication. It needs to be used as part of a protocol suite that contains all these things. Such a protocol suite is specified in [I-D.ietf-tsvwg-sctp-dtls-encaps]. In the context of WebRTC, that is a completely reasonable requirement, and it would make no sense to layer a home-built security protocol into the one described in the document. --Paul Hoffman