Last Call Review of draft-ietf-sipcore-sip-token-authnz-12

Request Review of draft-ietf-sipcore-sip-token-authnz
Requested rev. no specific revision (document currently at 17)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2020-04-15
Requested 2020-04-01
Authors Rifaat Shekh-Yusef, Christer Holmberg, Victor Pascual
Draft last updated 2020-04-13
Completed reviews Secdir Last Call review of -12 by Derrell Piper (diff)
Genart Last Call review of -12 by Linda Dunbar (diff)
Assignment Reviewer Linda Dunbar
State Completed
Review review-ietf-sipcore-sip-token-authnz-12-genart-lc-dunbar-2020-04-13
Posted at
Reviewed rev. 12 (document currently at 17)
Review result Ready with Nits
Review completed: 2020-04-13


I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at


Document: draft-ietf-sipcore-sip-token-authnz-12
Reviewer: Linda Dunbar
Review Date: 2020-04-13
IETF LC End Date: 2020-04-15
IESG Telechat date: Not scheduled for a telechat

  This document describes the scheme for SIP User Agent Client to get authentication from the Authentication Server. The scheme is straightforward and intuitive. 

Major issues: None

Minor issues: None

Nits/editorial comments:

Some editorial issues:
Section 1.4.1: the first paragraph is very confusing. The steps after the figure is much clear on what to be done. It is better to delete the the sub-phrase "... where the registrar informs the UAC about the authorization ... ". The actual step is actually the UAC sends the request to Registrar and get the response .. as described in the steps after the Figure. 

Section 2.1.2 the paragraph before the last one (Page 8), I can' parse the sentence. What do you want to say? 

"If the UAC receives a 401/407 response with multiple WWWAuthenticate/
Proxy-Authenticate header fields, providing challenges
using different authentication schemes for the same realm, the UAC
provides credentials for one or more of the schemes that it supports,
based on local policy."

Section 2.1.3: What is AOR? 

Linda Dunbar