Last Call Review of draft-ietf-avt-rtcp-port-for-ssm-
review-ietf-avt-rtcp-port-for-ssm-secdir-lc-eastlake-2010-12-16-00

Request
  Review of: draft-ietf-avt-rtcp-port-for-ssm
  Requested rev.: no specific revision (document currently at 04)
  Type: Last Call Review
  Team: Security Area Directorate (secdir)
  Deadline: 2010-12-14
  Requested: 2010-11-30
  Draft last updated: 2010-12-16
  Completed reviews: Secdir Last Call review of -?? by Donald Eastlake
Assignment
  Reviewer: Donald Eastlake
  State: Completed
  Review: review-ietf-avt-rtcp-port-for-ssm-secdir-lc-eastlake-2010-12-16
  Review completed: 2010-12-16

Review

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This draft specifies the addition of a new SDP attribute. This
attribute does not appear to present any new type of security
vulnerability.

I believe the Security Considerations section needs a small addition
to avoid being too vague. It currently just says "Therefore, as usual
adequate security measures are RECOMMENDED ..." without giving any
hint as to what those measures are or where to find any. Admittedly,
this draft is an update to RFC 5760 and a reasonable non-exclusive
list of such measures occurs in that RFC. Nevertheless, I would be
much more comfortable if the Security Considerations section wording
was augmented so it said "Therefore, adequate security measures, such
as those listed in the Security Considerations section of [RFC5760],
are RECOMMENDED...".

Trivia:

The following sentence:
   "The formal description of the 'multicast-rtcp' attribute is defined
   by the following ABNF [RFC5234] syntax:"
somehow reads as sort of redundantly redundant. Maybe: "The following
ABNF [RFC5234] syntax formally describes the 'multicast-rtcp'
attribute:"

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 d3e3e3 at gmail.com