Last Call Review of draft-campbell-sip-messaging-smime-03
review-campbell-sip-messaging-smime-03-secdir-lc-xia-2018-10-08-00

Request Review of draft-campbell-sip-messaging-smime
Requested rev. no specific revision (document currently at 04)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2018-10-10
Requested 2018-09-12
Other Reviews Genart Last Call review of -03 by Peter Yee (diff)
Review State Completed
Reviewer Liang Xia
Review review-campbell-sip-messaging-smime-03-secdir-lc-xia-2018-10-08
Posted at https://mailarchive.ietf.org/arch/msg/secdir/wpgbtpnAnCMRstXnjKgOClosuUM
Reviewed rev. 03 (document currently at 04)
Review result Ready
Draft last updated 2018-10-08
Review completed: 2018-10-08

Review
review-campbell-sip-messaging-smime-03-secdir-lc-xia-2018-10-08

In general, this draft is clear and well written.

I have 2 comments as below:
1. For Section 6, is it required to protect the UA capabilities negotiation messages? Have you considered the possible downgrade attack, like: the adversary tampered the UA capabilities negotiation message to make the UA work without s/mime? 

2. For Section 12, is there any general way to defend against the attacks from malicious or compromised intermediaries mentioned in this section? Maybe some guidances are helpful here.