Last Call Review of draft-ietf-sipcore-subnot-etags-

Request
Review of: draft-ietf-sipcore-subnot-etags
Requested rev.: no specific revision (document currently at 04)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2009-06-30
Requested: 2009-06-13
Authors: Dean Willis, Aki Niemi
Draft last updated: 2009-06-25
Completed reviews: Secdir Last Call review of -?? by Sam Hartman

Assignment
Reviewer: Sam Hartman
State: Completed
Review: review-ietf-sipcore-subnot-etags-secdir-lc-hartman-2009-06-25
Review completed: 2009-06-25


I've reviewed this draft for the security directorate.  My review was
reasonably light, although I believe it was sufficient.

This draft defines a mechanism so that subscribers can avoid a
notification message being generated when they already know the
contents of that notification.

The security considerations section claims that this mechanism does
not change the security properties of the protocol: it is just an
optimization.  I'm fine with the document as it stands.  It's not
inherently true that an optimization of this type doesn't change the
security properties.  For example, if an attacker could modify a
subscribe request and suppress a notification, that might change the
security properties.

However, as far as I can tell, this particular mechanism does not make
any significant changes to the security properties.