-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This BCP-track document talks about potential information-leakage resulting from the use of variable bit rate audio codecs with secure RTP. The document is well written and clearly explains the situations where information-leakage can occur. The most realistic scenario presented is eavesdropping on an RTP audio stream where one endpoint is an IVR or other automated voice systems that use pre-recorded messages. The only think I missed was a discussion (perhaps in the security section) about the risk of negotiating parameters (eg VAD) which could lead to increased risk of information-leakage, however this is perhaps a minor issue. Leif -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6cvZcACgkQ8Jx8FtbMZnfdrQCeInYzkao2scRc5I2WWAbb7mvt dlIAn2iH6v1atyye5ky4xiJGNU4AVq2K =O/yj -----END PGP SIGNATURE-----