Last Call Review of draft-ietf-avt-srtp-not-mandatory-

Request Review of draft-ietf-avt-srtp-not-mandatory
Requested rev. no specific revision (document currently at 16)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2010-05-27
Requested 2010-05-14
Authors Colin Perkins, Magnus Westerlund
Draft last updated 2010-06-20
Completed reviews Genart Last Call review of -14 by Vijay Gurbani (diff)
Secdir Last Call review of -?? by Sam Hartman
Assignment Reviewer Sam Hartman 
State Completed
Review review-ietf-avt-srtp-not-mandatory-secdir-lc-hartman-2010-06-20
Review completed: 2010-06-20


Hi.  I've reviewed draft-ietf-avt-srtp-not-mandatory for the security
directorate.  The security ADs should read this draft very carefully,
although I think that's obvious from the filename.  However, after doing
a careful reading of my own, I didn't find any problems.

I might wish for a stronger statement in section 5 that particular
profiles of RTP need to specify a mandatory to implement security
mechanism.  However, this is not a BCP, and I can understand why you
wouldn't put that statement in an informational document.  Also, it's a
bit tricky to get that statement right, considering for example the
implications of a profile of RTP that might of itself be a framework.