I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at < http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq> Please resolve these comments along with any other Last Call comments you may receive. Document: draft-ietf-siprec-protocol-16 Reviewer: Peter Yee Review Date: May-15-2015 IETF LC End Date: May-15-2015 IESG Telechat date: TBD Summary: This draft is almost ready for publication as a proposed standard but has open issues, described in the review. [Ready with issues] The draft specifies entities and a protocol using SIP, SDP, and RTP for recording communication sessions. It provides the ability to notify UAs that they are being recorded and for UAs to notify the recording system of their recording preference. The document is well written and has no obvious major technical issues. Major issues: None Minor issues: Page 7, section 5.2, 1st paragraph, 1st sentence: are there any concerns about the possibility of an SRC forging the metadata? It seems like the SRC could generate whatever metadata it wants and supply that in the RS. Page 21, section 8.1.4, last sentence: what does “appropriately”. Specify where is the appropriate interpretation defined or provide it here. Page 21, section 8.1.5, 2nd paragraph, 1st sentence: by “content” do you actually mean “context”? Or do you mean to the content of a SIPREC recording? Page 27, section 8.3.1, 2nd paragraph, 1st sentence: is there a specification for how the SRC is supposed to map each CS CNAME to an RS CNAME? If so, give a pointer to that specification. Page 30, section 9.1, 4th bullet item: unlike the other bullet items, this one is not a temporary wait before sending the metadata, but is rather a complete refusal to send certain metadata. As such, although related to the others, it would seem to be out of place within the set of bullet items. Page 38, section 12, 2nd paragraph, 3rd sentence: perhaps the word “effective” would be more appropriate than characterizing it as an “automatic” downgrade? Page 38, section 12.1, 1st paragraph, 2nd to last sentence: just because an SRS is compromised does not mean that it cannot be authenticated. It may very well be operating “correctly” and be able to authenticate, yet the compromise allows the attacker to obtain the (decrypted) RS. Authentication does not imply that the SRS you are talking to is not compromised. It only indicates the SRS possesses some form of credential that appears to identify it correctly. Page 39, last paragraph: I think this paragraph should mention (like the previous one) that a comparable level of security is required in this scenario as well. It’s not just a different key that’s going to be used, but it should be one of equivalent strength. Nits: NB: Anything below marked with an asterisk before the line is a technical change; the rest are purely editorial and of lesser importance. General: Put a comma after “e.g.” and “i.e.” throughout the document — it’s done inconsistently as it is. Maybe s/e\.g\. /e\.\g., / would do the trick and likewise for “i.e”. Replace “Recording aware” with “Recording-aware”. Specific: Page 4, section 1, 2nd sentence: change “accordance to” to “accordance with”. Page 5, last bullet item: insert “a” before “non-SIP”. Page 7, last paragraph, 2nd sentence: insert “the” before the 2nd “SRS”. Page 8, Figure 2, step 1: append “1” after “snapshot” for parallel construction. Page 10, section 6.1.2, 1st sentence: change “recording indication” to “recording indications”. Or, alternatively use “a recording indication” if there’s only one provided to all participants. Page 11, section 6.3, 1st sentence: insert “a” before “recording indication”. Page 12, 1st partial paragraph, 1st full sentence: delete an extraneous space before “IVR”. Page 12, 1st partial paragraph, 2nd full sentence: insert “a” before “user agent”. Page 12, section 7.1.1, 2nd paragraph, last sentence: change “contributes” to “contribute”. Page 12, section 7.1.1, 3rd paragraph, 1st sentence: insert “an” before “SRC”. Page 14, section 7.1.2, 1st paragraph, last sentence: insert “a” before “CS”. Page 15, section 7.2, 1st paragraph, 2nd sentence: insert “the” before “a=inactive”. Page 15, section 7.2, 1st paragraph, 3rd sentence: insert “the” before “a=recvonly”. Page 15, section 7.2, 1st paragraph, 3rd sentence: Would this sentence be more correct if rewritten for clarity as: "When the SRS is ready to receive recorded streams, the SRS sends a new SDP offer and sets the a=recvonly attribute in the media streams.”? Page 15, section 7.2, 2nd paragraph, 1st sentence: insert “an” before the first “SDP” and insert “the” before “SRS”. Page 16, 2nd paragraph, 1st sentence: insert “the” before the 2nd “SRS”. Page 16, 2nd paragraph, 2nd sentence: consider changing “with recorded streams” to “with the streams to be recorded” if that makes more sense. Page 19, section 8.1.1, 2nd item, 2nd paragraph: change the semicolon to a comma. Page 20, section 8.1.2, 1st paragraph, 1st sentence: move the comma before "[RFC5124]” to after that; do the same for “[RFC4585]”. Change “non encrypted” to “non-encrypted”. Page 20, section 8.1.2, 1st paragraph, 2nd sentence: move the comma before "[RFC3711]” to after that. Delete the comma after "RTP Profile for Audio and Video Conferences with Minimal Control”. Change “AVP” to "(RTP/AVP)”. Page 20, section 8.1.2, 1st paragraph, 3rd sentence: insert “RTP/“ before each of “SAVP” and “AVP”. Page 20, section 8.1.2, 2nd paragraph, 2nd sentence: change the space after “AVPF” to a hyphen. Page 20, section 8.1.3, 1st paragraph, 1st sentence: append a comma after “[RFC3550]”. Page 21, section 8.1.4, last sentence: change “sets” to “set”. *Page 22, section 8.1.7, last sentence: change “AVFP” to “AVPF”. Page 24, section 8.2, 1st paragraph, 2nd sentence: delete the comma after “to”. Page 30, section 9.1, 1st bullet item: insert “a” before the first “previous”. Insert “the SRC” before “cannot”. Insert “the” before the 2nd “previous”. Page 30, last paragraph, 1st sentence: change “an” to “a” before “200”. Page 31, 2nd paragraph, 2nd sentence: append “.,” after “e.g”. Page 32, section 9.2, 2nd paragraph, 2nd sentence: delete “for”. Page 33, last paragraph, 2nd sentence: Why not state this in the affirmative: “Any subsequent partial updates will only be dependent on the metadata sent in this full metadata snapshot and any intervening partial updates.” Page 34, section 9.2.1, 1st paragraph: change “augmented” to “Augmented”. Change “BNF” to “ABNF”. Page 34, section 9.2.1, definition: change “RFC3261” to “RFC 3261”. Page 34, section 10, 1st paragraph, 3rd sentence: insert “a” before “new SDP”. Page 34, section 10, 2nd paragraph, 3rd sentence: change “solves” to “solve”. Page 35, section 11.1.1, description, 1st sentence: insert “that” before “the SIP”. Page 35, section 11.1.1, description, 3rd sentence: change “UAS” to “UA”. Page 35, section 11.1.2, description: change all occurrences of “media level” and “session level” to “media-level” and “session-level”, respectively. Page 35, section 11.2.1, 1st paragraph: change the 2nd “for” to “of a”. Page 36, section 11.2.2, 1st paragraph: change the 2nd “for” to “of a”. Page 38, section 12, 1st paragraph, 1st sentence: delete the comma after “therefore”. Page 40, section 12.4, last sentence: append a comma after “simple”.