Thanks for the commens see below. Regards Andy > -----Original Message----- > From: Jari Arkko [mailto:jari.arkko@xxxxxxxxx] > Sent: 26 May 2015 12:31 > To: Peter Yee > Cc: draft-ietf-siprec-protocol.all@xxxxxxxxxxxxxx; gen-art@xxxxxxxx; > IETF Discussion Mailing List > Subject: Re: Gen-ART LC review of draft-ietf-siprec-protocol-16 > > Thank you for your extensive review, Peter. > > Authors, do you have thoughts on Peter's questions? FWIW > I thought these at least were important points: > > > Page 21, section 8.1.5, 2nd paragraph, 1st sentence: by "content" do > you > > actually mean "context"? Or do you mean to the content of a SIPREC > > recording? > ... I think this should really be "context" so should be changed. > > Page 38, section 12, 2nd paragraph, 3rd sentence: perhaps the word > > "effective" would be more appropriate than characterizing it as an > > "automatic" downgrade? > > Good comment "effective" would be a better wording. > > Page 38, section 12.1, 1st paragraph, 2nd to last sentence: just > because > > an SRS is compromised does not mean that it cannot be authenticated. > It > > may very well be operating "correctly" and be able to authenticate, > yet > > the compromise allows the attacker to obtain the (decrypted) RS. > > Authentication does not imply that the SRS you are talking to is not > > compromised. It only indicates the SRS possesses some form of > credential > > that appears to identify it correctly. Cannot argue with that and probably we should remove the sentence starting "The risk of not authenticating the SRS...". > > Jari