Last Call Review of draft-ietf-bfcpbis-sdp-ws-uri-07
review-ietf-bfcpbis-sdp-ws-uri-07-secdir-lc-hoffman-2017-01-05-00
| Request | Review of | draft-ietf-bfcpbis-sdp-ws-uri |
|---|---|---|
| Requested rev. | no specific revision (document currently at 09) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2017-01-12 | |
| Requested | 2016-12-22 | |
| Draft last updated | 2017-01-05 | |
| Completed reviews |
Genart Last Call review of -07 by Joel Halpern
(diff)
Secdir Last Call review of -07 by Paul Hoffman (diff) |
|
| Assignment | Reviewer | Paul Hoffman |
| State | Completed | |
| Review | review-ietf-bfcpbis-sdp-ws-uri-07-secdir-lc-hoffman-2017-01-05 | |
| Reviewed rev. | 07 (document currently at 09) | |
| Review result | Ready | |
| Review completed: | 2017-01-05 |
Review
review-ietf-bfcpbis-sdp-ws-uri-07-secdir-lc-hoffman-2017-01-05
This document specifies extensions to SDP that can be used by application protocols (most likely SIP endpoints) that rely on WebSocket as a transport. For this, they need a URI that will appear in an SDP attribute. The Security Considerations section of the document adequately covers the problems with creating this SDP attribute to carry the URI, namely that SDP can be run either with or without authentication in the message and transport. The security considerations say that the entities SHOULD use S/MIME and TLS for these; this common-sense suggestions apply to all use of SDP, and is no more important here than for other uses of SDP. --Paul Hoffman