Great comments. Please see comments inline. On 5/27/15, 12:43 PM, "Hutton, Andrew" <andrew.hutton@xxxxxxxxx> wrote: >Thanks for the commens see below. > >Regards >Andy > >> -----Original Message----- >> From: Jari Arkko [mailto:jari.arkko@xxxxxxxxx] >> Sent: 26 May 2015 12:31 >> To: Peter Yee >> Cc: draft-ietf-siprec-protocol.all@xxxxxxxxxxxxxx; gen-art@xxxxxxxx; >> IETF Discussion Mailing List >> Subject: Re: Gen-ART LC review of draft-ietf-siprec-protocol-16 >> >> Thank you for your extensive review, Peter. >> >> Authors, do you have thoughts on Peter's questions? FWIW >> I thought these at least were important points: >> >> > Page 21, section 8.1.5, 2nd paragraph, 1st sentence: by "content" do >> you >> > actually mean "context"? Or do you mean to the content of a SIPREC >> > recording? >> ... > >I think this should really be "context" so should be changed. Agreed. It is actually occurs in two places, in section 8.1 and as noted in section 8.1.5. I will fix in both places. > > > >> > Page 38, section 12, 2nd paragraph, 3rd sentence: perhaps the word >> > "effective" would be more appropriate than characterizing it as an >> > "automatic" downgrade? >> > > >Good comment "effective" would be a better wording. Changed to ³effective security downgrade². > > > >> > Page 38, section 12.1, 1st paragraph, 2nd to last sentence: just >> because >> > an SRS is compromised does not mean that it cannot be authenticated. >> It >> > may very well be operating "correctly" and be able to authenticate, >> yet >> > the compromise allows the attacker to obtain the (decrypted) RS. >> > Authentication does not imply that the SRS you are talking to is not >> > compromised. It only indicates the SRS possesses some form of >> credential >> > that appears to identify it correctly. > >Cannot argue with that and probably we should remove the sentence >starting "The risk of not authenticating the SRS...". The two sentences expanding on the impact of the SRC and SRS not performing mutual authentication are as follows: "The risk of not authenticating the SRS is that the recording may be sent to a compromised SRS and that a sensitive call recording will be obtained by an attacker. On the other hand, the risk of not authenticating the SRC is that an SRS will accept calls from an unknown SRC and allow potential forgery of call recordings." Rather than removing, what if I change to the following: "The risk of not authenticating the SRS is that the recording may be sent to an entity other than the intended SRS, allowing a sensitive call recording to be received by an attacker. On the other hand, the risk of not authenticating the SRC is that an SRS will accept calls from an unknown SRC and allow potential forgery of call recordings. Cheers, Charles > > > >> >> Jari >