Framework for Establishing a Secure Real-time Transport Protocol (SRTP) Security Context Using Datagram Transport Layer Security (DTLS)
RFC 5763

Note: This ballot was opened for revision 07 and is now closed.

(Cullen Jennings) Yes

(Jon Peterson) Yes

Magnus Westerlund (was Discuss) Yes

(Jari Arkko) (was Discuss) No Objection

(Ross Callon) No Objection

(Lisa Dusseault) No Objection

(Lars Eggert) No Objection

Comment (2008-11-05 for -)
** Obsolete normative reference: RFC 3280 (Obsoleted by RFC 5280)

Section 11., paragraph 0:
>      A.18. Media Security Negotation (R-NEGOTIATE)  . . . . . . . . . 32
  Nit: s/Negotation/Negotiation/

Section 1., paragraph 4:
>    control of on-path sigaling elements.
  Nit: s/sigaling/signaling/

Section 6.7.2., paragraph 1:
>    active side MUST proceed with the DTLS handshake as appopriate even
  Nit: s/appopriate/appropriate/

Section 7., paragraph 3:
>    especialy if Identity is not in use.  Note that all other signaling
  Nit: s/especialy/especially/

Section 8.6., paragraph 4:
>    In both of these cases, the assurances taht DTLS-SRTP provides in
  Nit: s/taht/that/

(Pasi Eronen) (was Discuss, No Objection) No Objection

(Russ Housley) (was Discuss) No Objection

(Chris Newman) No Objection

(Tim Polk) No Objection

Comment (2008-11-06 for -)
The Introduction states that:

   However, third party certificates MAY also be used for extra security.

The limitations of that extra security should be addressed in the security considerations.
To my mind, there is some degree of "defense in depth", but using third party certificates
will not address any fundamental limitations of the protocol.  For example, if SIP Identity or
an equivalent mechanism is not employed, third party certificates do not compensate since
there is no binding between names in the certificate and the name used in the application.

I am not trying to discourage use of third party certificates where available, but I don't
want to see them oversold through omission.

(Dan Romascanu) No Objection

(Mark Townsley) No Objection

(David Ward) No Objection