|
Hello,
I
have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG. These
comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments
just like any other last call comments. Overall
as an informational ID I believe the document is well written and it should be
published as soon as possible. I
have the following non-blocking COMMENTS: 1.
Section 2, inconsistent use of RFC2119 language, “shipping products and
new products SHALL use …”, the preceding sentence seems to suggest
it is a “SHOULD” not a “SHALL”. 2.
Section 4, the inconsistently spelling of “in time” vs
“in-time”. Not being an expert in this field, it is not clear to me
what the parenthesis actually adds. 3.
Section 4, (what I consider) incorrect use of RFC2119 language, “…
MUST be validated by …”, I do not know what does the use of
“MUST” imply here. Suggestion: it should be sufficient to drop the
“MUST” keyword here, try “is validated …”. 4.
Section 5, “the UAC that sent…”, please expand
“UAC” on first use. 5.
section 7, unclear statement, “Note that this primitive is supported by
all known implementations”, it is not clear to me which primitive it
refers to. Suggestion: quote a reference for the primitive in question. 6.
section 10, overall this section could benefit from more details or references.
For example, it is not clear how TLS can be applied to secure the signalling
path. Also the last sentence seems to contradict with the rest of this section.
The section in RFC2976 only explicitly mentions confidentiality. Suggestion: it
might be sufficient to say the security considerations in RFC2976 apply here. Best
regards, --larry |
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf