I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at . Document: draft-ietf-stir-cert-delegation-03 Reviewer: Ines Robles Review Date: 2020-08-26 IETF LC End Date: 2020-08-26 IESG Telechat date: Not scheduled for a telechat Summary: This specification details how that authority can be delegated from a parent certificate to a subordinate certificate. This supports a number of use cases where callers want to use a particular calling number, but for whatever reason, their outbound calls will not pass through the authentication service of the service provider that controls that numbering resource, it includes also those where service providers grant credentials to enterprises or other customers capable of signing calls with Secure Telephone Identity Revisited (STIR). I have some minor suggestions/questions to the authors. Major issues: None Minor issues: 1-Introduction Section: "..., including various forms of robocalling, voicemail hacking, and swatting..." --> should a reference to RFC7375 be added here? 2- It would be nice to add in Terminology section: - delegation: the concept of delegation and its levels are defined in RFC8226. - definition for "legitimate spoofing". I understand that the draft explain it with an example. 3- It would be nice to add references to concepts, e.g. cA boolean --> cA boolean [rfc5280#section-4.2.1.9] "x5u" link -> "x5u" (X.509 URL) [RFC7515#section-4.1.5] link 4- Section 4: It would be nice to add graphics explaining the process. E.g. can be used as a model the images displayed in https://access.atis.org/apps/group_public/download.php/47134/IPNNI-2019-00043R000.pdf or https://niccstandards.org.uk/wp-content/uploads/2019/03/ND1522V1.1.1.pdf 5- Section 5:"Authentication service behavior for delegate certificates is little changed from [RFC8224] STIR behavior" --> It is not clear to me what are the little changes. Additionally, how you quantify little/big changes?, maybe something like?: "Authentication service behavior varies from STIR behavior [RFC8224] as follows:...." 6- Section 8.1: Should the picture displayed in https://www.ietf.org/proceedings/104/slides/slides-104-stir-certificate-delegation-00--Slide 5 be added here? 7- Security Consideration section: should a reference to RFC7375 be added here? Nits/editorial comments: 8- Expand the first time: JWS -> JSON Web Signature (JWS) Thank you for this document, Ines.