Hi, I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Ready with nits. Overall, the document is well written and, as I disregard yet another call from a number that's suspiciously very like my own number, will probably be very useful. Nit 1 - The next to last paragraph of the Security Considerations section says that "a UAS SHOULD NOT trust the information in the "Call-Info" header field unless the SIP session between the entity inserting the header field and the UAS is protected by TLS [RFC8446]." Perhaps it would be more appropriate to include a qualification that a certificate offered by the entity must be authenticated. This would prevent rogue entities with self-signed certificates from attempting to insert a header field. Or perhaps there are more appropriate measures in SIP to prevent that. (I'm just not altogether that familiar with SIP to say.) Nit 2 - (Very minor typo nits): In the last paragraph in the Security Considerations section "mislead" should be "misled"; "only be added calls" should be "only be added to calls". Best regards, Chris