Document: draft-ietf-sip-certs-07.txt
Reviewer: Suresh Krishnan
Review Date: 28-January-2009
IETF LC End Date: 26-January-2009


Summary: This draft is almost ready for publication as Proposed Standard, but I have a few comments.

Substantial
===========

* Section 3 deployment scenario 3

How is the password phrase conveyed to the UA if the credential server generates the credentials?

* Section 7.6

It is not clear if a UA that PUBLISHES a credential will also subsequently SUBSCRIBE in case the credentials are updated from another device.

* Section 7.9

I think it needs to be mentioned here that the initial publish will not contain a SIP-If-Match header as there is no previous etag. If a SIP-If-Match header is required even for an initial request, the example in section 8.2 needs to be updated.

* Section 9.1

This section does not cover the relationship between the subscription duration and the certificate cache duration. It would be nice if you can add some text here to say that the UA MUST NOT cache the certificates for a period longer than that of the subscription. This way the UE can be notified of any revocations or changes in the certificate.


Editorial
=========

* Intended status is missing (I understand this is targeting Proposed Standard based on the tracker)

* Please fix these obsolete references
   -  RFC 3268 (Obsoleted by RFC 5246)

   -  RFC 4366 (Obsoleted by RFC 5246)