Last Call Review of draft-ietf-siprec-protocol-16
review-ietf-siprec-protocol-16-genart-lc-yee-2015-05-16-00

Request Review of draft-ietf-siprec-protocol
Requested rev. no specific revision (document currently at 18)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2015-05-15
Requested 2015-05-07
Authors Leon Portman, Henry Lum, Charles Eckel, Alan Johnston, Andrew Hutton
Draft last updated 2015-05-16
Completed reviews Genart Last Call review of -16 by Peter Yee (diff)
Opsdir Last Call review of -16 by Scott Bradner (diff)
Assignment Reviewer Peter Yee
State Completed
Review review-ietf-siprec-protocol-16-genart-lc-yee-2015-05-16
Reviewed rev. 16 (document currently at 18)
Review result Ready with Issues
Review completed: 2015-05-16

Review
review-ietf-siprec-protocol-16-genart-lc-yee-2015-05-16

I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
<

http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>

Please resolve these comments along with any other Last Call comments you
may receive.


Document: draft-ietf-siprec-protocol-16
Reviewer: Peter Yee
Review Date: May-15-2015
IETF LC End Date: May-15-2015
IESG Telechat date: TBD

Summary: This draft is almost ready for publication as a proposed standard
but has open issues, described in the review. [Ready with issues]

The draft specifies entities and a protocol using SIP, SDP, and RTP for
recording communication sessions.  It provides the ability to notify UAs
that they are being recorded and for UAs to notify the recording system of
their recording preference.

The document is well written and has no obvious major technical issues.


Major issues: None

Minor issues:

Page 7, section 5.2, 1st paragraph, 1st sentence: are there any concerns
about the possibility of an SRC forging the metadata?  It seems like the
SRC could generate whatever metadata it wants and supply that in the RS.

Page 21, section 8.1.4, last sentence: what does “appropriately”.  Specify
where is the appropriate interpretation defined or provide it here.

Page 21, section 8.1.5, 2nd paragraph, 1st sentence: by “content” do you
actually mean “context”?  Or do you mean to the content of a SIPREC
recording?

Page 27, section 8.3.1, 2nd paragraph, 1st sentence: is there a
specification for how the SRC is supposed to map each CS CNAME to an RS
CNAME?  If so, give a pointer to that specification.

Page 30, section 9.1, 4th bullet item: unlike the other bullet items, this
one is not a temporary wait before sending the metadata, but is rather a
complete refusal to send certain metadata.  As such, although related to
the others, it would seem to be out of place within the set of bullet
items.

Page 38, section 12, 2nd paragraph, 3rd sentence: perhaps the word
“effective” would be more appropriate than characterizing it as an
“automatic” downgrade?

Page 38, section 12.1, 1st paragraph, 2nd to last sentence: just because
an SRS is compromised does not mean that it cannot be authenticated.  It
may very well be operating “correctly” and be able to authenticate, yet
the compromise allows the attacker to obtain the (decrypted) RS.
Authentication does not imply that the SRS you are talking to is not
compromised.  It only indicates the SRS possesses some form of credential
that appears to identify it correctly.


Page 39, last paragraph: I think this paragraph should mention (like the
previous one) that a comparable level of security is required in this
scenario as well.  It’s not just a different key that’s going to be used,
but it should be one of equivalent strength.

Nits:

NB: Anything below marked with an asterisk before the line is a technical
change; the rest are purely editorial and of lesser importance.

General:

Put a comma after “e.g.” and “i.e.” throughout the document — it’s done
inconsistently as it is.  Maybe s/e\.g\. /e\.\g., / would do the trick and
likewise for “i.e”.

Replace “Recording aware” with “Recording-aware”.

Specific:

Page 4, section 1, 2nd sentence: change “accordance to” to “accordance
with”.

Page 5, last bullet item: insert “a” before “non-SIP”.

Page 7, last paragraph, 2nd sentence: insert “the” before the 2nd “SRS”.

Page 8, Figure 2, step 1: append “1” after “snapshot” for parallel
construction.

Page 10, section 6.1.2, 1st sentence: change “recording indication” to
“recording indications”.  Or, alternatively use “a recording indication”
if there’s only one provided to all participants.

Page 11, section 6.3, 1st sentence: insert “a” before “recording
indication”.

Page 12, 1st partial paragraph, 1st full sentence: delete an extraneous
space before “IVR”.

Page 12, 1st partial paragraph, 2nd full sentence: insert “a” before “user
agent”.

Page 12, section 7.1.1, 2nd paragraph, last sentence: change “contributes”
to “contribute”.

Page 12, section 7.1.1, 3rd paragraph, 1st sentence: insert “an” before
“SRC”.

Page 14, section 7.1.2, 1st paragraph, last sentence: insert “a” before
“CS”.

Page 15, section 7.2, 1st paragraph, 2nd sentence: insert “the” before
“a=inactive”.

Page 15, section 7.2, 1st paragraph, 3rd sentence: insert “the” before
“a=recvonly”.

Page 15, section 7.2, 1st paragraph, 3rd sentence: Would this sentence be
more correct if rewritten for clarity as: "When the SRS is ready to
receive recorded streams, the SRS sends a new SDP offer and sets the
a=recvonly
attribute in the media streams.”?

Page 15, section 7.2, 2nd paragraph, 1st sentence: insert “an” before the
first “SDP” and insert “the” before “SRS”.

Page 16, 2nd paragraph, 1st sentence: insert “the” before the 2nd “SRS”.

Page 16, 2nd paragraph, 2nd sentence: consider changing “with recorded
streams” to “with the streams to be recorded” if that makes more sense.

Page 19, section 8.1.1, 2nd item, 2nd paragraph: change the semicolon to a
comma.

Page 20, section 8.1.2, 1st paragraph, 1st sentence: move the comma before
"[RFC5124]” to after that; do the same for “[RFC4585]”.  Change “non
encrypted” to “non-encrypted”.

Page 20, section 8.1.2, 1st paragraph, 2nd sentence: move the comma before
"[RFC3711]” to after that.  Delete the comma after "RTP Profile for Audio
and Video Conferences with Minimal Control”.  Change “AVP” to "(RTP/AVP)”.

Page 20, section 8.1.2, 1st paragraph, 3rd sentence: insert “RTP/“ before
each of “SAVP” and “AVP”.

Page 20, section 8.1.2, 2nd paragraph, 2nd sentence: change the space
after “AVPF” to a hyphen.

Page 20, section 8.1.3, 1st paragraph, 1st sentence: append a comma after
“[RFC3550]”.

Page 21, section 8.1.4, last sentence: change “sets” to “set”.

*Page 22, section 8.1.7, last sentence: change “AVFP” to “AVPF”.

Page 24, section 8.2, 1st paragraph, 2nd sentence: delete the comma after
“to”.

Page 30, section 9.1, 1st bullet item: insert “a” before the first
“previous”.  Insert “the SRC” before “cannot”.  Insert “the” before the
2nd “previous”.

Page 30, last paragraph, 1st sentence: change “an” to “a” before “200”.

Page 31, 2nd paragraph, 2nd sentence: append “.,” after “e.g”.

Page 32, section 9.2, 2nd paragraph, 2nd sentence: delete “for”.

Page 33, last paragraph, 2nd sentence: Why not state this in the
affirmative: “Any subsequent partial updates will only be dependent on the
metadata sent in this full metadata snapshot and any intervening partial
updates.”

Page 34, section 9.2.1, 1st paragraph: change “augmented” to “Augmented”.
Change “BNF” to “ABNF”.

Page 34, section 9.2.1, definition: change “RFC3261” to “RFC 3261”.

Page 34, section 10, 1st paragraph, 3rd sentence: insert “a” before “new
SDP”.

Page 34, section 10, 2nd paragraph, 3rd sentence: change “solves” to
“solve”.

Page 35, section 11.1.1, description, 1st sentence: insert “that” before
“the SIP”.

Page 35, section 11.1.1, description, 3rd sentence: change “UAS” to “UA”.

Page 35, section 11.1.2, description: change all occurrences of “media
level” and “session level” to “media-level” and “session-level”,
respectively.

Page 35, section 11.2.1, 1st paragraph: change the 2nd “for” to “of a”.

Page 36, section 11.2.2, 1st paragraph: change the 2nd “for” to “of a”.

Page 38, section 12, 1st paragraph, 1st sentence: delete the comma after
“therefore”.

Page 40, section 12.4, last sentence: append a comma after “simple”.