Skip to main content

Last Call Review of draft-ietf-sip-certs-

Request Review of draft-ietf-sip-certs
Requested revision No specific revision (document currently at 15)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2009-10-20
Requested 2009-01-13
Authors Cullen Fluffy Jennings , Jason Fischl
I-D last updated 2009-10-22
Completed reviews Secdir Last Call review of -?? by Julien Laganier
Assignment Reviewer Julien Laganier
State Completed
Review review-ietf-sip-certs-secdir-lc-laganier-2009-10-22
Completed 2009-10-22
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft defines a credential service that allows SIP user
agents store their certificates and to retrieve the certificates of 
other users. These user agents certificates are not required to be signed
by well known certificate authorities and can possibly be self-signed. 
The mechanism leverages on the SIP Identity framework to provide the
required features. 

I have found this document to be especially well written and easily 
understandable, even by a non-SIP expert such as myself. The security 
considerations section is comprehensive and seems to analyze the
protocol adequately.