Thanks for the commens see below.
Regards
Andy
-----Original Message-----
From: Jari Arkko [mailto:jari(_dot_)arkko(_at_)piuha(_dot_)net]
Sent: 26 May 2015 12:31
To: Peter Yee
Cc: draft-ietf-siprec-protocol(_dot_)all(_at_)tools(_dot_)ietf(_dot_)org;
gen-art(_at_)ietf(_dot_)org;
IETF Discussion Mailing List
Subject: Re: Gen-ART LC review of draft-ietf-siprec-protocol-16
Thank you for your extensive review, Peter.
Authors, do you have thoughts on Peter's questions? FWIW
I thought these at least were important points:
Page 21, section 8.1.5, 2nd paragraph, 1st sentence: by "content" do
you
actually mean "context"? Or do you mean to the content of a SIPREC
recording?
...
I think this should really be "context" so should be changed.
Page 38, section 12, 2nd paragraph, 3rd sentence: perhaps the word
"effective" would be more appropriate than characterizing it as an
"automatic" downgrade?
Good comment "effective" would be a better wording.
Page 38, section 12.1, 1st paragraph, 2nd to last sentence: just
because
an SRS is compromised does not mean that it cannot be authenticated.
It
may very well be operating "correctly" and be able to authenticate,
yet
the compromise allows the attacker to obtain the (decrypted) RS.
Authentication does not imply that the SRS you are talking to is not
compromised. It only indicates the SRS possesses some form of
credential
that appears to identify it correctly.
Cannot argue with that and probably we should remove the sentence starting "The
risk of not authenticating the SRS...".
Jari