Last Call Review of draft-worley-service-example-13
review-worley-service-example-13-secdir-lc-kent-2013-08-29-00

Request Review of draft-worley-service-example
Requested rev. no specific revision (document currently at 15)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2013-09-13
Requested 2013-08-22
Draft last updated 2013-08-29
Completed reviews Genart Last Call review of -13 by Suresh Krishnan (diff)
Genart Telechat review of -14 by Suresh Krishnan (diff)
Secdir Last Call review of -13 by Stephen Kent (diff)
Assignment Reviewer Stephen Kent
State Completed
Review review-worley-service-example-13-secdir-lc-kent-2013-08-29
Reviewed rev. 13 (document currently at 15)
Review result Has Issues
Review completed: 2013-08-29

Review
review-worley-service-example-13-secdir-lc-kent-2013-08-29

Vincent and Ray,


>>
>> A reference to SRTP is missing. Please add.> 
> 
> Thanks. Will do.

I think referencing SRTP here is to narrow. I think the appropriate
thing to point out is the need for source authentication and message
integrity and then point to the need for a security solution that
provide this. SRTP is a transport security solution, without
key-management. So pointing at this to resolve this issue is
insufficient and also not deployable. I think a better reference now
that it exist and is getting closer to publication might be:



https://datatracker.ietf.org/doc/draft-ietf-avtcore-rtp-security-options/



Cheers

Magnus Westerlund

----------------------------------------------------------------------
Multimedia Technologies, Ericsson Research EAB/TVM
----------------------------------------------------------------------
Ericsson AB                | Phone  +46 10 7148287
Färögatan 6                | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund at ericsson.com
----------------------------------------------------------------------