Telechat Review of draft-ietf-rtcweb-overview-18
review-ietf-rtcweb-overview-18-secdir-telechat-harkins-2017-03-15-00

   Greetings,

   I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

   This I-D is an "Applicability Statement" and does not describe a protocol
but, instead, a set of building blocks that should be accessible through
a Javascript API in a standard browser. These building blocks are supposed
to allow browsers to communicate with each other using real-time services.

   The requirements this I-D places on implementations is to implement
some other I-D or RFC, and that includes security relevant requirements.
I did not follow the references and look at the WebRTC security draft or
the WebRTC security architecture draft.

   As it really doesn't provide any new protocol there really aren't any
security relevant vectors to look at. Having said that, the Security
Considerations are well done by enumerating the points of concern regarding
web-enabled real-time communications.

   This document is READY for publication.

   regards,

   Dan.