Last Call Review of draft-ietf-simple-msrp-cema-
review-ietf-simple-msrp-cema-secdir-lc-williams-2011-12-21-00
| Request | Review of | draft-ietf-simple-msrp-cema |
|---|---|---|
| | Requested revision | No specific revision (document currently at 07) |
| | Type | IETF Last Call Review |
| | Team | Security Area Directorate (secdir) |
| | Deadline | 2011-12-13 |
| | Requested | 2011-11-08 |
| | Authors | Christer Holmberg, Staffan Blau, Eric Burger |
| | I-D last updated | 2015-10-14 (Latest revision 2012-07-03) |
| | Completed reviews | Genart IETF Last Call review of -?? by Suresh Krishnan |
| | | Secdir IETF Last Call review of -?? by Nicolás Williams |
| Assignment | Reviewer | Nicolás Williams |
| | State | Completed |
| | Request | IETF Last Call review on draft-ietf-simple-msrp-cema by Security Area Directorate Assigned |
| | Completed | 2011-12-21 |
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

CEMA is an SDP/MSRP extension that enables the "anchoring" of MSRP traffic through middleboxes that do not act as MITMs. This is a good thing if such anchoring is needed at all.

The security considerations section seems complete enough to me, and I believe it matches the media anchoring mechanism described in section 4, though I'm not sufficiently familiar with MSRP to say so for certain.

In general it seems that CEMA improves security here (by allowing proxies to anchor media without having to act as MITMs) without making it worse in any way: in particular security generally depends on signaling security in SIP.

Nico