Last Call Review of draft-ietf-xrblock-rtcweb-rtcp-xr-metrics-08
review-ietf-xrblock-rtcweb-rtcp-xr-metrics-08-secdir-lc-weis-2018-02-22-00
Request | Review of | draft-ietf-xrblock-rtcweb-rtcp-xr-metrics |
---|---|---|
Requested revision | No specific revision (document currently at 10) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2018-02-23 | |
Requested | 2018-02-09 | |
Authors | Varun Singh , Rachel Huang , Roni Even , Dan Romascanu , Deng Lingli | |
I-D last updated | 2018-02-22 | |
Completed reviews |
Genart Last Call review of -08
by Robert Sparks
(diff)
Secdir Last Call review of -08 by Brian Weis (diff) Genart Telechat review of -09 by Robert Sparks (diff) |
|
Assignment | Reviewer | Brian Weis |
State | Completed | |
Request | Last Call review on draft-ietf-xrblock-rtcweb-rtcp-xr-metrics by Security Area Directorate Assigned | |
Reviewed revision | 08 (document currently at 10) | |
Result | Has nits | |
Completed | 2018-02-22 |
review-ietf-xrblock-rtcweb-rtcp-xr-metrics-08-secdir-lc-weis-2018-02-22-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes monitoring features related to media streams in Web real-time communication (WebRTC). The monitoring features are sent in Sender and Receiver Reports through RTCP along with other metrics related to the transport of multimedia flows. The new monitoring features are comprised of packet counts and other packet-related statistics (e.g., jitter). The Security Considerations states that there are no additional security considerations beyond those mentioned in related documents, and I believe this is true. There is one reference in this section that needs to be fixed: [RFC3792] is not correct. I assumed it should have been RFC 6792. Also, it would be helpful to add a reference in Section 5.3 to RFC 7294 to identify the source for "concealment metrics". A security reviewer will naturally want to know what property "concealment" is intended to provide, and it took some hunting down to find it and determine that it wasn't relevant.