Last Call Review of draft-campbell-sip-messaging-smime-03
| Requested rev. | no specific revision (document currently at 05) |
| Type | Last Call Review |
| Team | Security Area Directorate (secdir) |
| Draft last updated | 2018-10-08 |
Secdir Last Call review of -03 by Liang Xia
In general, this draft is clear and well written. I have 2 comments as below:

1. For Section 6, is it required to protect the UA capabilities negotiation messages? Have you considered the possible downgrade attack, like: the adversary tampers with the UA capabilities negotiation message to make the UA work without S/MIME?
2. For Section 12, is there any general way to defend against the attacks from malicious or compromised intermediaries mentioned in this section? Maybe some guidance would be helpful here.