Skip to main content

Last Call Review of draft-ietf-xrblock-rtcweb-rtcp-xr-metrics-08
review-ietf-xrblock-rtcweb-rtcp-xr-metrics-08-secdir-lc-weis-2018-02-22-00

Request Review of draft-ietf-xrblock-rtcweb-rtcp-xr-metrics
Requested revision No specific revision (document currently at 10)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2018-02-23
Requested 2018-02-09
Authors Varun Singh , Rachel Huang , Roni Even , Dan Romascanu , Deng Lingli
I-D last updated 2018-02-22
Completed reviews Genart Last Call review of -08 by Robert Sparks (diff)
Secdir Last Call review of -08 by Brian Weis (diff)
Genart Telechat review of -09 by Robert Sparks (diff)
Assignment Reviewer Brian Weis
State Completed
Request Last Call review on draft-ietf-xrblock-rtcweb-rtcp-xr-metrics by Security Area Directorate Assigned
Reviewed revision 08 (document currently at 10)
Result Has nits
Completed 2018-02-22
review-ietf-xrblock-rtcweb-rtcp-xr-metrics-08-secdir-lc-weis-2018-02-22-00
I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These comments
were written primarily for the benefit of the security area directors. Document
editors and WG chairs should treat these comments just like any other last call
comments.

This document describes monitoring features related to media streams  in Web
real-time communication (WebRTC).  The monitoring features are sent in Sender
and Receiver Reports through RTCP along with other metrics related to the
transport of multimedia flows. The new monitoring features are comprised of
packet counts and other packet-related statistics (e.g., jitter).

The Security Considerations states that there are no additional security
considerations beyond those mentioned in related documents, and I believe this
is true. There is one reference in this section that needs to be fixed:
[RFC3792] is not correct. I assumed it should have been RFC 6792.

Also, it would be helpful to add a reference in Section 5.3 to RFC 7294 to
identify the source for "concealment metrics". A security reviewer will
naturally want to know what property "concealment" is intended to provide, and
it took some hunting down to find it and determine that it wasn't relevant.