[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Comment: draft-ietf-sigtran-signalling-over-sctp-applic-09
draft-ietf-sigtran-signalling-over-sctp-applic-09.txt
Telephony Signalling Transport over SCTP applicability statement
(Informational)
I have another comment. This is in addition to the one I sent yesterday,
not a replacement.
The security considerations section of
draft-ietf-sigtran-signalling-over-sctp-applic-09 says:
UALs are designated to carry signalling messages for telephony
services. As such, UALs must involve the security needs of several
parties: the end users of the services; the network providers and
the applications involved. Additional requirements may come from
local regulation. While having some overlapping security needs, any
security solution should fulfill all of the different parties'
needs. See specific Security considerations in each UAL technical
specification for details.
The draft-ietf-sigtran-v5ua document is a UAL technical specification,
and the security considerations section points to a third document,
which is a normative reference. Can't we eliminate the additional
level of indirection? I expected the UAL specification to address
protocol specific concerns, but it looks like the working group wants
to put it all in one place. Since I have not looked at this document
yet, I will reserve judgement about the soundness of this approach.