Skip to main content

Last Call Review of draft-ietf-rtcweb-data-protocol-08
review-ietf-rtcweb-data-protocol-08-secdir-lc-hoffman-2014-10-30-00

Request Review of draft-ietf-rtcweb-data-protocol
Requested revision No specific revision (document currently at 09)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2014-10-24
Requested 2014-10-16
Authors Randell Jesup , Salvatore Loreto , Michael Tüxen
I-D last updated 2014-10-30
Completed reviews Genart Last Call review of -08 by Alexey Melnikov (diff)
Secdir Last Call review of -08 by Paul E. Hoffman (diff)
Opsdir Last Call review of -08 by Ron Bonica (diff)
Assignment Reviewer Paul E. Hoffman
State Completed
Request Last Call review on draft-ietf-rtcweb-data-protocol by Security Area Directorate Assigned
Reviewed revision 08 (document currently at 09)
Result Ready
Completed 2014-10-30
review-ietf-rtcweb-data-protocol-08-secdir-lc-hoffman-2014-10-30-00
Greetings again. draft-ietf-rtcweb-data-protocol describes a protocol for
establishing a symmetric data channel between two WebRTC peers. The protocol is
simple and clear.

The Security Considerations section fully admits that:
   This protocol does not provide privacy, integrity or authentication.
   It needs to be used as part of a protocol suite that contains all
   these things.  Such a protocol suite is specified in
   [I-D.ietf-tsvwg-sctp-dtls-encaps].
In the context of WebRTC, that is a completely reasonable requirement, and it
would make no sense to layer a home-built security protocol into the one
described in the document.

--Paul Hoffman