> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the IESG.
> These comments were written primarily for the benefit of the security area
> directors.  Document editors and WG chairs should treat these comments just
> like any other comments.
>

The above mentioned draft describes the RTP payload format of the "Secure
Communication Interoperability Protocol" as audio and video media subtypes,
with corresponding media subtype definitions.

While the draft as such only provides the payload formats, it seems strange
to have an Internet-Draft fully dependent on a protocol which isn't even
referenced in the memo. SCIP is mentioned several times, but there's no
reference to the definition of the protocol. The only reference is to a
"SCIP SIgnaling Plan", but access to that document appears to require an
email-based request to a NATO email address. Should such a document become
a Standards-track RFC?

The Security Considerations section only talks about possible complexity
introduced by the new media subtypes, which may be adequate, but does not
discuss general considerations to take in the context of supporting SCIP.
To my earlier comment, if SCIP itself isn't readily available, there seems
to be a gap here.

Thanks,
-- Magnus