Last Call Review of draft-pd-dispatch-msrp-websocket-12
review-pd-dispatch-msrp-websocket-12-secdir-lc-eastlake-2016-07-06-00

Request Review of draft-pd-dispatch-msrp-websocket
Requested rev. no specific revision (document currently at 15)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2016-07-08
Requested 2016-06-17
Draft last updated 2016-07-06
Completed reviews Genart Last Call review of -12 by Joel Halpern (diff)
Secdir Last Call review of -12 by Donald Eastlake (diff)
Opsdir Last Call review of -10 by Fred Baker (diff)
Assignment Reviewer Donald Eastlake
State Completed
Review review-pd-dispatch-msrp-websocket-12-secdir-lc-eastlake-2016-07-06
Reviewed rev. 12 (document currently at 15)
Review result Has Nits
Review completed: 2016-07-06

Review
review-pd-dispatch-msrp-websocket-12-secdir-lc-eastlake-2016-07-06

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This draft specifies a new WebSocket sub-protocol as a reliable
transport mechanism between MSRP (Message Session Relay Protocol)
clients and relays. It depends on the use of secure WebSocket
connections (TLS) and existing authentication mechanisms. I am not
particularly familiar with WebSockets or MSRP but the Security
Considerations section looks adequate to me.

There are a lot of example message flows in this document that i don't
really know enough to evaluate.

Nits:

It is peculiar that Sections 10, Section 11, and Appendix A have only
a single subsection aa their entire content. In the case of Sections
10 and 11, I think the 10.1 and 11.1 headers should just be
eliminated. In the case of Appendix A, probably the A.1 heading should
be moved up to the A level.

Thanks,
Donald
===============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3 at gmail.com