Skip to main content

Telechat Review of draft-ietf-rtcweb-overview-18

Request Review of draft-ietf-rtcweb-overview
Requested revision No specific revision (document currently at 19)
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2017-03-14
Requested 2017-02-22
Authors Harald T. Alvestrand
I-D last updated 2017-03-15
Completed reviews Secdir Telechat review of -18 by Dan Harkins (diff)
Opsdir Telechat review of -18 by Jon Mitchell (diff)
Genart Last Call review of -18 by Meral Shirazipour (diff)
Assignment Reviewer Dan Harkins
State Completed
Request Telechat review on draft-ietf-rtcweb-overview by Security Area Directorate Assigned
Reviewed revision 18 (document currently at 19)
Result Ready
Completed 2017-03-15

   I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

   This I-D is an "Applicability Statement" and does not describe a protocol
but, instead, a set of building blocks that should be accessible through
a Javascript API in a standard browser. These building blocks are supposed
to allow browsers to communicate with each other using real-time services.

   The requirements this I-D places on implementations is to implement
some other I-D or RFC, and that includes security relevant requirements.
I did not follow the references and look at the WebRTC security draft or
the WebRTC security architecture draft.

   As it really doesn't provide any new protocol there really aren't any
security relevant vectors to look at. Having said that, the Security
Considerations are well done by enumerating the points of concern regarding
web-enabled real-time communications.

   This document is READY for publication.