Last Call Review of draft-ietf-sipcore-subnot-etags-
review-ietf-sipcore-subnot-etags-secdir-lc-hartman-2009-06-25-00
| Request | Review of | draft-ietf-sipcore-subnot-etags |
|---|---|---|
| Requested revision | No specific revision (document currently at 04) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2009-06-30 | |
| Requested | 2009-06-13 | |
| Authors | Dean Willis , Aki Niemi | |
| I-D last updated | 2009-06-25 | |
| Completed reviews |
Secdir Last Call review of -??
by Sam Hartman
|
|
| Assignment | Reviewer | Sam Hartman |
| State | Completed | |
| Request | Last Call review on draft-ietf-sipcore-subnot-etags by Security Area Directorate Assigned | |
| Completed | 2009-06-25 |
review-ietf-sipcore-subnot-etags-secdir-lc-hartman-2009-06-25-00
I've reviewed this draft for the security directorate. My review was reasonably light although I believe was sufficient. This draft defines a mechanism so that subscribers can avoid a notification message being generated when they already know the contents of that notification. The security considerations section claims that this mechanism does not change the security properties of the protocol: it is just an optimization. I'm fine with the document as it stands. It's not inherently true that an optimization of this type doesn't change the security properties. For example, if an attacker could modify a subscribe request and suppress a notification, that might change the security properties. However, as far as I can tell, this particular mechanism does not make any significant changes to the security properties.