I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document describes the reason why implicit service identification is preferable of explicit service identification. From a security point of view I agree with this since explicit identification introduces a mapping layer which can be a place where security vulnerabilities can creep in. I thought the security considerations were a bit light since implicit identification still requires the participants to validate, perhaps authenticate and authorize, the signaling information that they are using to identify the service. The secure validation of SIP signaling should be covered in other documents, perhaps a reference to their security consideration should be included. For example, the document mentions that the URI can be a critical piece in determining the service identity: what document describes how to authenticate and authorize this URI down to the level of granularity needed to differentiate service identity? I don't think it is necessary to provide links to means for validating every possible piece of signaling information, but links to the main mechanisms used in across different scenarios would be good.