Early Review of draft-ietf-tsvwg-dtls-for-sctp-
review-ietf-tsvwg-dtls-for-sctp-secdir-early-meadows-2010-06-09-00

Request Review of draft-ietf-tsvwg-dtls-for-sctp
Requested revision No specific revision (document currently at 06)
Type Early Review
Team Security Area Directorate (secdir)
Deadline 2010-06-09
Requested 2010-04-01
Authors Michael Tüxen, Eric Rescorla, Robin Seggelmann
I-D last updated 2010-06-09
Completed reviews Secdir Early review of -?? by Catherine Meadows
Assignment Reviewer Catherine Meadows
State Completed
Request Early review on draft-ietf-tsvwg-dtls-for-sctp by Security Area Directorate Assigned
Completed 2010-06-09
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area directors.
Document editors and WG chairs should treat these comments just like any other
last call comments.

This document describes the usage of the Datagram Transport Layer Security
(DTLS) protocol over the Stream Control Transmission Protocol (SCTP).

Most of the document deals with the different DTLS features that must, must
not, may, or should be used in this case.

I don't see any security issues other than the one the authors have already
noted, that is, that certain information is unavoidably sent in the clear
because it is in the header, and security decisions should not be made when
certificates based on IP addresses are used, since SCTP associations use
multiple addresses per SCTP endpoint. Thus, I have no further comments to make.

Catherine Meadows
Naval Research Laboratory
Code 5543
4555 Overlook Ave., S.W.
Washington DC, 20375
phone: 202-767-3490
fax: 202-404-7942
email: catherine.meadows at nrl.navy.mil