Last Call Review of draft-ietf-mmusic-trickle-ice-sip-12

Request Review of draft-ietf-mmusic-trickle-ice-sip
Requested rev. no specific revision (document currently at 14)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2018-01-26
Requested 2018-01-12
Other Reviews Genart Last Call review of -12 by Dale Worley (diff)
Tsvart Last Call review of -12 by Joerg Ott (diff)
Secdir Telechat review of -13 by Shawn Emery (diff)
Review State Completed
Reviewer Shawn Emery
Review review-ietf-mmusic-trickle-ice-sip-12-secdir-lc-emery-2018-01-25
Posted at
Reviewed rev. 12 (document currently at 14)
Review result Has Issues
Draft last updated 2018-01-25
Review completed: 2018-01-25


I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft specifies how the Session Initiation Protocol (SIP) can use the
non-blocking version of the Interactive Connectivity Establishment (ICE)
Trickle ICE, and defines a new registry for this usage.

The security considerations section does exist and defers security concerns
draft-ietf-mmusic-ice-sip-sdp, RFC 6086, and draft-ietf-ice-trickle.

1. draft-ietf-mmusic-ice-sip-sdp
This will hopefully be available for a secdir review in the near future,
see general
comments concern below.
2. RFC 6086
6086 prescribes S/MIME if the environment requires payloads to be private
also suggests a digest-challenge in order to provide integrity protection.
3. draft-ietf-ice-trickle
defers to draft-ietf-ice-rfc5245bis.  ice-sip should reference the 5245bis
directly.  I won't duplicate Stephen's efforts in reviewing 5245bis.

General comments:

I'm concerned about the normative references to ietf-mmusic-ice-sip-sdp.
This draft should progress before or along with any dependents.

Editorial comments:

Some of the abbreviations that are not expanded and are not listed as well
known by the RFC Editor:

GRUU (needs to be expanded in Section 3.1)

making it cumbersome to follow the specification.