Last Call Review of draft-ietf-avt-rapid-rtp-sync-
review-ietf-avt-rapid-rtp-sync-secdir-lc-hoffman-2010-06-03-00

Request Review of draft-ietf-avt-rapid-rtp-sync
Requested rev. no specific revision (document currently at 13)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2010-06-01
Requested 2010-05-14
Authors Colin Perkins, Thomas Schierl
Draft last updated 2010-06-03
Completed reviews Secdir Last Call review of -?? by Paul Hoffman
Assignment Reviewer Paul Hoffman 
State Completed
Review review-ietf-avt-rapid-rtp-sync-secdir-lc-hoffman-2010-06-03
Review completed: 2010-06-03

Review
review-ietf-avt-rapid-rtp-sync-secdir-lc-hoffman-2010-06-03

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other comments.

The extensions described in this document probably do not cause any security problems for the Internet. As the security considerations section says, the security of these extensions inherit most of the security considerations of RTP.

From my admittedly naive reading, it seems that an attacker could use one or more of these extensions to amplify a denial-of-service attack by causing nodes to try to synch when they can't; if so, that might be added to the security considerations section. However, this is a trivial point even if true, and the document is fine as-is.

--Paul Hoffman, Director
--VPN Consortium