I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft defines a credential service that allows SIP user
agents store their certificates and to retrieve the certificates of 
other users. These user agents certificates are not required to be signed
by well known certificate authorities and can possibly be self-signed. 
The mechanism leverages on the SIP Identity framework to provide the
required features. 

I have found this document to be especially well written and easily 
understandable, even by a non-SIP expert such as myself. The security 
considerations section is comprehensive and seems to analyze the
protocol adequately.

--julien