Last Call Review of draft-ietf-stir-oob-05
review-ietf-stir-oob-05-opsdir-lc-bhandari-2019-09-17-00

Request Review of draft-ietf-stir-oob
Requested rev. no specific revision (document currently at 06)
Type Last Call Review
Team Ops Directorate (opsdir)
Deadline 2019-09-17
Requested 2019-09-03
Authors Eric Rescorla, Jon Peterson
Draft last updated 2019-09-17
Completed reviews Secdir Last Call review of -05 by Watson Ladd
Genart Last Call review of -05 by Suhas Nandakumar
Opsdir Last Call review of -05 by Shwetha Bhandari
Genart Telechat review of -06 by Suhas Nandakumar
Secdir Telechat review of -06 by Watson Ladd
Assignment Reviewer Shwetha Bhandari
State Completed
Review review-ietf-stir-oob-05-opsdir-lc-bhandari-2019-09-17
Posted at https://mailarchive.ietf.org/arch/msg/ops-dir/PzhjwdxuLFaEB1nuZwiw9ZrzDRQ
Reviewed rev. 05 (document currently at 06)
Review result Ready
Review completed: 2019-09-17

Review

I have reviewed this document as part of the Operational directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written with the intent of improving the operational aspects of
the IETF drafts per guidelines in RFC 5706.
Comments that are not addressed in last call may be included
in AD reviews during the IESG review.  Document editors and WG chairs should
treat these comments just like any other last call comments.

Summary:
This is an informational draft that describes use cases and sketches a solution to deliver PASSporT objects outside of the signaling path as part of STIR (Secure Telephone Identity Revisited). The PASSporT format defines a token that can be carried by signaling protocols, including SIP, to cryptographically attest the identity of callers.
The solution defines a new Call Placement Service (CPS) that permits the PASSporT object to be stored during call processing and retrieved for verification purposes.
The draft clarifies that deploying this service and framework would require additional specification outside the scope of this document.

The draft covers operational considerations per the guidelines defined in RFC 5706:
    a) The Operational environments section in the draft describes environments in which the proposed out-of-band STIR mechanism is intended to operate.
    b) New CPS service and data flows required between existing components (caller, callee endpoints, gateways, etc.) for secure storage and validation of PASSporT objects
    c) Storing and Retrieving PASSporT objects
    d) Service discovery: Mechanism for CPS discovery

Given that the draft expects additional specification to actually deploy the new service, I am assuming manageability considerations such as configuring and managing CPS, data models for providing operational state and fault notification for CPS data flows will be detailed in the future specifications. Also, the impact of the CPS on network and call setup will have to be covered in those additional specifications.