Telechat Review of draft-ietf-rtcweb-overview-18
review-ietf-rtcweb-overview-18-secdir-telechat-harkins-2017-03-15-00

Request Review of draft-ietf-rtcweb-overview
Requested rev. no specific revision
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2017-03-14
Requested 2017-02-22
Other Reviews Opsdir Telechat review of -18 by Jon Mitchell
Genart Last Call review of -18 by Meral Shirazipour
Review State Completed
Reviewer Dan Harkins
Review review-ietf-rtcweb-overview-18-secdir-telechat-harkins-2017-03-15
Posted at https://mailarchive.ietf.org/arch/msg/secdir/nZ2gtCPzbWl5rvoFjZ35E9BI4N4
Reviewed rev. 18
Review result Ready
Last updated 2017-03-15

Review
review-ietf-rtcweb-overview-18-secdir-telechat-harkins-2017-03-15

   Greetings,

   I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

   This I-D is an "Applicability Statement" and does not describe a protocol
but, instead, a set of building blocks that should be accessible through
a Javascript API in a standard browser. These building blocks are supposed
to allow browsers to communicate with each other using real-time services.

   The requirements this I-D places on implementations is to implement
some other I-D or RFC, and that includes security relevant requirements.
I did not follow the references and look at the WebRTC security draft or
the WebRTC security architecture draft.

   As it really doesn't provide any new protocol there really aren't any
security relevant vectors to look at. Having said that, the Security
Considerations are well done by enumerating the points of concern regarding
web-enabled real-time communications.

   This document is READY for publication.

   regards,

   Dan.