ietf
[Top] [All Lists]

Security Directorate review of draft-ietf-clue-datachannel-13

2016-07-15 14:39:50
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document is ready for publication.  It's well written, and, while
I have a few minor comments, they are only of the most minor sort.

-- Section 3.1 --

   As described in [I-D.ietf-rtcweb-data-channel], the SCTP streams
   realizing a WebRTC data channel must be associated with the same SCTP
   association.  In addition, both SCTP streams realizing the WebRTC
   data channel must use the same SCTP stream identifier value.  These
   rules also apply to a CLUE data channel.

I don't know that it matters a lot, but this seems to be an odd way of
saying that because a CLUE data channel is a WebRTC data channel, a
CLUE data channel behaves like and has the same rules as a WebRTC data
channel.  I think I might word it more straightforwardly that way,
something like this:

NEW
   Because a CLUE data channel is a special case of a WebRTC data
   channel [I-D.ietf-rtcweb-data-channel], a CLUE data channel behaves
   like a WebRTC data channel and abides by the same rules.  In particular,
   the SCTP streams realizing a WebRTC data channel must be associated
   with the same SCTP association, and both SCTP streams realizing the
   WebRTC data channel must use the same SCTP stream identifier value.
END

Worded that way, it also supports the many other times in the document
that you point out things that rtcweb-data-channel says that affect
CLUE data channel behaviour.

But, as I said, I don't know that it matters a lot, so... just a suggestion.

-- Section 3.2.3 --
I think I'd move (or copy) the citation of [I-D.ietf-clue-protocol] to
Section 1, where "CLUE protocol" is first mentioned.

-- Section 3.3.1.1 --

   CLUE entities SHOULD NOT transport the SCTPoDTLS association used to
   realize the CLUE data channel over TCP (using the "TCP/DTLS/SCTP"
   proto value), unless it is known that UDP/DTLS/SCTP will not work

Are there other reasons to transport over TCP other than "knowing that
UDP/DTLS/SCTP will not work"?  If so, OK.  If not, then I think you
really mean "MUST NOT ... unless ...."

-- References --
I don't think RFC 3264 is normative.

-- 
Barry

<Prev in Thread] Current Thread [Next in Thread>
  • Security Directorate review of draft-ietf-clue-datachannel-13, Barry Leiba <=