|
Larry, Thanks for you comments See inline From: Larry Zhu
[mailto:lzhu@xxxxxxxxxxxxxxxxxxxxx] Hello, I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments
just like any other last call comments. Overall as an informational ID I believe the document is well written
and it should be published as soon as possible. I have the following non-blocking COMMENTS: 1. Section 2, inconsistent use of RFC2119 language, “shipping
products and new products SHALL use …”, the preceding sentence
seems to suggest it is a “SHOULD” not a “SHALL”. [RE:] I
agree that SHOULD would reflect more the previous sentence since it explains
that this method is only for backward compatibility. 2. Section 4, the inconsistently spelling of “in time”
vs “in-time”. Not being an expert in this field, it is not clear to
me what the parenthesis actually adds. [RE:] I
can take it out. I agree that this is not important 3. Section 4, (what I consider) incorrect use of RFC2119 language,
“… MUST be validated by …”, I do not know what does the
use of “MUST” imply here. Suggestion: it should be sufficient to
drop the “MUST” keyword here, try “is validated
…”. [RE:] The
full sentence mandates that before sending a full frame the sender MUST validate
the congestion situation and allowed bandwidth. Note that the use case is for
application reasons and not for packet loss. 4. Section 5, “the UAC that sent…”, please expand
“UAC” on first use. [RE:] Will
do 5. section 7, unclear statement, “Note that this primitive is
supported by all known implementations”, it is not clear to me which
primitive it refers to. Suggestion: quote a reference for the primitive in
question. [RE:] I
think this is a redundant sentence since in previous versions of the draft we
had another primitive in the schema. 6. section 10, overall this section could benefit from more details or
references. For example, it is not clear how TLS can be applied to secure the
signalling path. [RE:] If
SIP INFO is used to carry the fast update this opening of TLS channel is defined
in SIP. I can change
"to secure the signaling using TLS" to "to secure the signaling
using TLS as explained in [5]" Also the last sentence seems to contradict with the rest of this
section. The section in RFC2976 only explicitly mentions confidentiality.
Suggestion: it might be sufficient to say the security considerations in
RFC2976 apply here. [RE:] Maybe I can change "This document does not
introduce new security considerations beyond those covered in [3]." To "Security considerations of [3] and [5] apply
here.". Best regards, --larry |
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf