I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. Please resolve these comments along with any other Last Call comments you may receive. Document: draft-ietf-cuss-sip-uui-reqs-06 Reviewer: Ben Campbell Review Date: 2011-10-12 IETF LC End Date: 2011-10-13 Summary: This draft is almost ready for publication as an informational RFC. I have a few minor questions and comments that may be worth addressing first. Major issues: None Minor issues: -- section 1, 2nd paragraph, last sentence: "In particular, this mechanism creates no requirements on intermediaries such as proxies." What about SBCs, B2BUAs, etc? -- REQ-4: "… any other form of redirection of the request." "Any other form" seems a pretty strong statement. What about a b2bua doing weird stuff? -- REQ-8: "If the UAS does not understand the UUI mechanism, the request will fail." Based on the routing requirement, shouldn't that say that if the request cannot be routed to a UAS that understands the UUI mechanism, the request will fail? -- REQ-12: What degree of certainty is required here? (i.e. strong identity?) If implied by the SIP dialog, does that impact expectations on what sort of authn must happen at the SIP layer? -- REQ 13: I'm not sure I understand how this interacts with the ability for intermediaries to remove UUI. Should this be detectable by the endpoints? Or is that ability limited to the hop-by-hop case, or require no integrity protection? Nits/editorial comments: -- section 4, 2nd paragraph: "The UUI mechanisim should support both of these approaches" Should that be a numbered requirement? You've got requirements to support e2e and hop-by-hop, but no requirement that mentions SIP layer vs application layer. _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf