Last Call Review of draft-ietf-sipcore-199-
review-ietf-sipcore-199-secdir-lc-weiler-2010-02-02-00

I have reviewed this document as part of the security directorate's 


ongoing effort to review all IETF documents being processed by the 


IESG.  Document editors and WG chairs should treat these comments just 


like any other last call comments.




This defines an intermediate "we're done" response, allowing parties
to tear down some state, while still requiring a final response.

The obvious risk (forging these, just like forging a TCP reset) is
documented.

Even though the point of the 199 response is to allow early resource
release, I notice that some state is still being maintained for these
sessions.  It might be worth explicitly reminding readers of when they
can timeout (is there a timeout specified somewhere?).

I'm also a little worried about the implications of one party or
another trying to continue the dialog, perhaps maliciously, after
sending or receiving one of these.  What if one of these were used to
disable a monitoring or billing system, but the parties continued to
use the open session?  (Compare to sending a weak C-tone on a
wiretapped PSTN line.)

Editorial:

Please expand the acronyms in the abstract.  (The id-nits checklist
says the abstract "Should be meaningful to someone not versed in the
technology; most abbreviations must be expanded on first use.")

-- Sam