I reviewed this document as part of the Security Directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the Security Area
Directors.  Document authors, document editors, and WG chairs should
treat these comments just like any other IETF Last Call comments.

Document: draft-ietf-wish-whip-13
Reviewer: Russ Housley
Review Date: 2024-03-15
IETF LC End Date: 2024-04-04
IESG Telechat date: Unknown

Summary: Has Issues


Major Concerns: None


Minor Concerns:

Figures 2, 3, and 4 are not referenced from body of the document.  It is
best to include a reference in the body that offers some description of what
the reader is expected to learn from the figure.  When I as a Security AD,
the other Security AD was blind.  The text-to-audio system that he used was
surprisingly good, but it could not handle ASCII art.  The discussion of
the figures was vital to him being able to understand a document.  Please
help readers that depend on such tools.

Section 4.2 says:

   In order to reduce the complexity of implementing WHIP in both
   clients and Media Servers, WHIP imposes the following restrictions
   regarding WebRTC usage:

I think it would be more clear to say that each of the following subsections
discuss restrictions for WebRTC usage.


Nits:

IDnits offers these complaints:

 ** There are 15 instances of too long lines in the document, the longest
    one being 45 characters in excess of 72.

 == There are 2 instances of lines with non-RFC6890-compliant IPv4 addresses
    in the document.  If these are example addresses, they should be changed.

 -- The document has examples using IPv4 documentation addresses according
    to RFC6890, but does not use any IPv6 documentation addresses.  Maybe
    there should be IPv6 examples, too?