This document with an intended status BCP describes best practices for negotiating confidential media with SIP which include two approaches: comprehensive protection solutions which bind the media to SIP-layer identities, and opportunistic security solutions. The document is Ready from an OPS-DIR point of view. As the document does not define new protocols but rather refers existing specifications, a full RFC 5706 review does not apply. I have two non-blocking comments from an operational point of view: 1. The two approaches seem to differ from several aspects including the maturity of the specification. Comprehensive protection relies on a set of stable RFCs, while opportunistic solutions refer two work-in-progress IDs. It would be useful to mention this, and maybe include a comparative list of features which would help in selecting the appropriate solution from case to case 2. We are missing in the SIP realm some documentation about the impact of applying the various confidentiality approaches on manageability. For example is observability impacted? Can session statistics be retrieved and error condition signaled? Do approaches like RTCP-XR still apply? Maybe this BCP can be a good place for such an operational consideration section.