I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This draft specifies a DTLS tunneling protocol for Privacy-Enhanced RTP Conferencing (PERC).  This entails a key exchange between the conference end-points and the key distributor through a delegate, media distributor.

The security considerations section does exist and describes that the media distributor does not introduce any additional security issues given that it is just on-path with the key exchange between the endpoint and the key distributor.  Secondly, the key material between the media distributor and key distributor is protected through the mutually authenticated connection between the two entities.  Thirdly, the meta data exchanged between the media distributor and key distributor is not sensitive information, but is still protected through the TLS connection.  I agree with the above assertions.  Besides the concerns described in the genart review about the impact of key material disclosure, the authors should consider the various other forms of security issues against the protocol, such as downgrade/DoS attacks from profile negotiation, etc.  The section could list and simply refer to the base RFCs, 5764, 8871, etc., to provide remediation against these attacks.

General comments:

The example message flow and binary coding was helpful, thank you.

Editorial comments:

s/might might/might/
s/!@RFC4566/RFC4566/g
s/An value/A value/
s/!@RFC8126/RFC8126/
s/material This/material.  This/