Last Call Review of draft-ietf-bfcpbis-sdp-ws-uri-07
review-ietf-bfcpbis-sdp-ws-uri-07-secdir-lc-hoffman-2017-01-05-00

Request Review of draft-ietf-bfcpbis-sdp-ws-uri
Requested rev. no specific revision (document currently at 09)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-01-12
Requested 2016-12-22
Draft last updated 2017-01-05
Completed reviews Genart Last Call review of -07 by Joel Halpern (diff)
Secdir Last Call review of -07 by Paul Hoffman (diff)
Assignment Reviewer Paul Hoffman
State Completed
Review review-ietf-bfcpbis-sdp-ws-uri-07-secdir-lc-hoffman-2017-01-05
Reviewed rev. 07 (document currently at 09)
Review result Ready
Review completed: 2017-01-05

Review
review-ietf-bfcpbis-sdp-ws-uri-07-secdir-lc-hoffman-2017-01-05

This document specifies extensions to SDP that can be used by 
application protocols (most likely SIP endpoints) that rely on WebSocket 
as a transport. For this, they need a URI that will appear in an SDP 
attribute.

The Security Considerations section of the document adequately covers 
the problems with creating this SDP attribute to carry the URI, namely 
that SDP can be run either with or without authentication in the message 
and transport. The security considerations say that the entities SHOULD 
use S/MIME and TLS for these; this common-sense suggestions apply to all 
use of SDP, and is no more important here than for other uses of SDP.

--Paul Hoffman