Thank you for your extensive review, Peter. Authors, do you have thoughts on Peter’s questions? FWIW I thought these at least were important points: > Page 21, section 8.1.5, 2nd paragraph, 1st sentence: by “content” do you > actually mean “context”? Or do you mean to the content of a SIPREC > recording? ... > Page 38, section 12, 2nd paragraph, 3rd sentence: perhaps the word > “effective” would be more appropriate than characterizing it as an > “automatic” downgrade? > > Page 38, section 12.1, 1st paragraph, 2nd to last sentence: just because > an SRS is compromised does not mean that it cannot be authenticated. It > may very well be operating “correctly” and be able to authenticate, yet > the compromise allows the attacker to obtain the (decrypted) RS. > Authentication does not imply that the SRS you are talking to is not > compromised. It only indicates the SRS possesses some form of credential > that appears to identify it correctly. Jari
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail