Last Call Review of draft-ietf-stir-rfc4474bis-14

Request
Review of: draft-ietf-stir-rfc4474bis
Requested rev.: no specific revision (document currently at 16)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2016-11-01
Requested: 2016-10-20
Authors: Jon Peterson, Cullen Jennings, Eric Rescorla, Chris Wendt
Draft last updated: 2016-10-27
Completed reviews: Genart Last Call review of -14 by Vijay Gurbani; Secdir Last Call review of -14 by Liang Xia

Assignment
Reviewer: Liang Xia
State: Completed
Review: review-ietf-stir-rfc4474bis-14-secdir-lc-xia-2016-10-27
Reviewed rev.: 14 (document currently at 16)
Review result: Ready
Review completed: 2016-10-27




I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.



This document defines a mechanism for securely identifying originators of SIP requests. It does so by defining a SIP header field for conveying a signature used for validating the identity, and for conveying a reference to the credentials of the signer.



In general, this draft is an update of the previous RFC4474 with some improvements, such as better support of telephone numbers as identifiers, reducing the material scope of the Identity signature to those not changed by the intermediaries, replacing the previous signed-identity-digest format with PASSporT (signing algorithms now defined in a separate specification), and so on. This draft already includes a very comprehensive and detailed consideration of privacy and security threats; I have no more security issues in addition to them.



Summary: This document appears to be in reasonably good shape and is written well. I think it is ready.