I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. Document editors and WG chairs should treat these comments just like any other last call comments. This draft provides SIP capabilities (a load control event package) for filtering calls with the intent of better handling overload conditions. As you might expect for an extension to an existing protocol, there are many references to existing SIP RFCs. The Security Considerations Section appears to be adequate. It references RFCs 6665 and other sections of the draft and seems to summarize relevant threats. Minor points: The introductions (Section 1) give examples of anticipatable and unanticipatable causes of overload. I find it curious that denial of service attacks are not listed as a possible cause of unanticipated overload. In Section 10, in answer to REQ 17, there is a reference to Section 10 that, I believe, should be to Section 11. Editorial: Section 4 begins with what is said to be a list of requirements. And I think almost all of them are. But the first item is just not worded as a requirement. It says "... we focus ...". To be a requirement on the solution it should talk about the solution, not the authors. I think, it should be more like "For simplicity, the solution should focus on a method of controlling SIP load, rather than a generic application layer mechanism." Misc: The document contains lots of XML that I did not run through any formal syntax check. Thanks, Donald ============================= Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e3e3 at gmail.com