Last Call Review of draft-ietf-sipbrandy-rtpsec-07
review-ietf-sipbrandy-rtpsec-07-opsdir-lc-romascanu-2019-02-26-00

This document with an intended status BCP describes best practices for
negotiating confidential media with SIP which include two approaches:
comprehensive protection solutions which bind the media to SIP-layer
identities, and opportunistic security solutions.

The document is Ready from an OPS-DIR point of view.

As the document does not define new protocols but rather refers existing
specifications, a full RFC 5706 review does not apply.

I have two non-blocking comments from an operational point of view:

1. The two approaches seem to differ from several aspects including the
maturity of the specification. Comprehensive protection relies on a set of
stable RFCs, while opportunistic solutions refer two work-in-progress IDs. It
would be useful to mention this, and maybe include a comparative list of
features which would help in selecting the appropriate solution from case to
case

2. We are missing in the SIP realm some documentation about the impact of
applying the various confidentiality approaches on manageability. For example
is observability impacted? Can session statistics be retrieved and error
condition signaled? Do approaches like RTCP-XR still apply? Maybe this BCP can
be a good place for such an operational consideration section.