Last Call Review of draft-ietf-stir-rfc4474bis-14
review-ietf-stir-rfc4474bis-14-secdir-lc-xia-2016-10-27-00

Hello,



I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
 directors.  Document editors and WG chairs should treat these comments just
 like any other last call comments.





This document defines a mechanism for securely identifying originators of SIP
requests. It does so by defining a SIP header field for conveying a signature
used for validating the identity, and for conveying a reference
 to the credentials of the signer.





In general, this draft is the update of previous RFC4474 with some improvements
like: better support of telephone numbers as identifiers, reducing the material
scope of the Identity signature to those not changed by the
 intermediaries, replacing previous signed-identity-digest format with PASSporT
 (signing algorithms now defined in a separate specification) and so on. This
 draft already includes a very comprehensive and detailed consideration about
 privacy and security threats, I have no more security issues in addition to
 them.





Summary: this document appears in reasonably good shape, and is written well. I
think it is ready.





Thanks!



B.R.

Frank