Last Call Review of draft-ietf-pmol-sip-perf-metrics-
review-ietf-pmol-sip-perf-metrics-secdir-lc-hallam-baker-2009-10-08-00

Request Review of draft-ietf-pmol-sip-perf-metrics
Requested rev. no specific revision (document currently at 07)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2009-10-06
Requested 2009-08-06
Draft last updated 2009-10-08
Completed reviews Secdir Last Call review of -?? by Phillip Hallam-Baker
Assignment Reviewer Phillip Hallam-Baker
State Completed
Review review-ietf-pmol-sip-perf-metrics-secdir-lc-hallam-baker-2009-10-08
Review completed: 2009-10-08

Review

I am reviewing this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments. Feel free to
forward to any appropriate forum.

This document defines metrics for measuring the performance of SIP
systems but not a protocol for their exchange. As such it is entirely
appropriate that this document relies on the security section in the
main SIP protocol which is extensive.


One small area of concern is that the security considerations section
appears to operate under the assumption that the chief security
concern would be confidentiality. While it is possible that this might
be the case, it is also quite likely that any metrics system would be
employed for purposes in connection with billing. Hence there is
likely to be an integrity concern with one party or another
manipulating metrics for the purpose of avoiding payments due or for
imposing unjustified payments or penalties.


-- 
New Website: http://hallambaker.com/
View Quantum of Stupid podcasts, Tuesday and Thursday each week,
http://quantumofstupid.com/