Telechat Review of draft-ietf-rtcweb-overview-18
review-ietf-rtcweb-overview-18-secdir-telechat-harkins-2017-03-15-00

Team Security Area Directorate (secdir)
Title Telechat Review of draft-ietf-rtcweb-overview-18
Request Telechat - requested 2017-02-22
Reviewer Dan Harkins
Review result Ready
Posted at https://mailarchive.ietf.org/arch/msg/secdir/nZ2gtCPzbWl5rvoFjZ35E9BI4N4
Last updated 2017-03-15

Review
review-ietf-rtcweb-overview-18-secdir-telechat-harkins-2017-03-15

   Greetings,

   I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

   This I-D is an "Applicability Statement" and does not describe a protocol
but, instead, a set of building blocks that should be accessible through
a Javascript API in a standard browser. These building blocks are supposed
to allow browsers to communicate with each other using real-time services.

   The requirements this I-D places on implementations is to implement
some other I-D or RFC, and that includes security relevant requirements.
I did not follow the references and look at the WebRTC security draft or
the WebRTC security architecture draft.

   As it really doesn't provide any new protocol there really aren't any
security relevant vectors to look at. Having said that, the Security
Considerations are well done by enumerating the points of concern regarding
web-enabled real-time communications.

   This document is READY for publication.

   regards,

   Dan.