Skip to main content

Last Call Review of draft-ietf-siprec-callflows-07
review-ietf-siprec-callflows-07-secdir-lc-atkins-2016-11-24-00

Request Review of draft-ietf-siprec-callflows
Requested revision No specific revision (document currently at 08)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2016-11-27
Requested 2016-10-27
Authors Ram R , Parthasarathi Ravindran , Paul Kyzivat
I-D last updated 2016-11-24
Completed reviews Genart Last Call review of -07 by Dan Romascanu (diff)
Secdir Last Call review of -07 by Derek Atkins (diff)
Opsdir Last Call review of -07 by Carlos Pignataro (diff)
Assignment Reviewer Derek Atkins
State Completed
Request Last Call review on draft-ietf-siprec-callflows by Security Area Directorate Assigned
Reviewed revision 07 (document currently at 08)
Result Has nits
Completed 2016-11-24
review-ietf-siprec-callflows-07-secdir-lc-atkins-2016-11-24-00
Hi,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written with the intent of improving
security requirements and considerations in IETF drafts.  Comments
not addressed in last call may be included in AD reviews during the
IESG review.  Document editors and WG chairs should treat these
comments just like any other last call comments.

Summary:

Almost ready to publish.

Are there any implementation issues that should be added to the
Security Considerations?  What about privacy and/or data protection
(media encryption) issues/recommendations?

Details:

* I did not audit the SDP or XML for correctness.

* There is a typo in section 3.2.2:

                One of the participants
   Bob puts Alice hold and then resumes as part of the same CS.  The

  I believe this should be "Bob puts Alice *on* hold"?

* In section 3.3, the first paragraph starts with "The section
  describes...", should that be "This section"?

* In section 3.3.3, "Below is a snapshot sent from SRC to SRC in this
  case".  Is this a typo?  Or did you really mean to use SRC twice or
  should the second be SRS?

-derek

-- 
       Derek Atkins                 617-623-3745
       derek at ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant