Thank you for your extensive review, Peter.
Authors, do you have thoughts on Peter’s questions? FWIW
I thought these at least were important points:
Page 21, section 8.1.5, 2nd paragraph, 1st sentence: by “content” do you
actually mean “context”? Or do you mean to the content of a SIPREC
recording?
...
Page 38, section 12, 2nd paragraph, 3rd sentence: perhaps the word
“effective” would be more appropriate than characterizing it as an
“automatic” downgrade?
Page 38, section 12.1, 1st paragraph, 2nd to last sentence: just because
an SRS is compromised does not mean that it cannot be authenticated. It
may very well be operating “correctly” and be able to authenticate, yet
the compromise allows the attacker to obtain the (decrypted) RS.
Authentication does not imply that the SRS you are talking to is not
compromised. It only indicates the SRS possesses some form of credential
that appears to identify it correctly.
Jari
signature.asc
Description: Message signed with OpenPGP using GPGMail