Thanks for these notes Phillip. I added some text to address your second point to the Security Considerations text. As to the first, regarding Alice and Bob, I believe the usage here is consistent with IETF practice, as misguided as that may be, and I don't think amending it would clarify anything. Jon Peterson Neustar, Inc. On 11/30/19, 6:06 PM, "Phillip Hallam-Baker via Datatracker" <noreply@xxxxxxxx> wrote: Reviewer: Phillip Hallam-Baker Review result: Has Issues Section 1: Introduction "If Alice calls Bob, for example, Bob might attempt to ..." Alice, Bob and Carol are people. People do not emit JSON strings, create signatures or do any of the things they are described as being engaged in. Only the machines the people might possess can do such things. Anthropomorphising Turing machines results in language that is hard to follow at best and renders any attempt to consider UI issues impossible. Section 12: Security Considerations Is this going to create new means of injecting spam? It looks like it might. Consider the case in which Sue the spammer sets up a single genuine call between X and Y, then creates forwarding associations for 10,000 endpoints Z0-9999. Also consider reflection type attacks in which callers responding to spam have their numbers harvested for spoof source addresses for further spam. -- last-call mailing list last-call@xxxxxxxx https://www.ietf.org/mailman/listinfo/last-call