Ballot for draft-ietf-avtcore-aria-srtp
Yes
No Objection
Note: This ballot was opened for revision 10 and is now closed.
I agree with most of Ben Laurie's SecDir comments, and Ben's questions on SHA-1, but will leave it to the Sec ADs to evaluate.
I think it would be wise to add a paragraph to the security considerations to call out the dependency on SHA1. A mention of what would need to happen to migrate to newer hash functions could also be helpful.
+1 regarding SHA-1
Although this is not a discuss, I think updated text would be very helpful on the following two issues. I agree with the SecDir reviewer that there should be more text around the short tag length in the security considerations section. I don't see a response to that post though. For SHA-1, a reference to RFC6194 for the security considerations for SHA-1message digest algorithms would be helpful. Thank you!
This actually looks more like a document that we would rather typically publish by the ISE (as it is describing a method employed by one specific entity only). I do not object to it publication as informational and I do understand that this mostly due to the registration the in the MIKEY registry, however, i would like to note that IESG Approval would have been another option for this registration.