[apps-discuss] Apps Area Review team review: draft-ietf-martini-gin-10.txt

Ted Hardie <ted.ietf@gmail.com> Tue, 30 November 2010 22:10 UTC

Return-Path: <ted.ietf@gmail.com>
X-Original-To: apps-discuss@core3.amsl.com
Delivered-To: apps-discuss@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B67253A6C8E; Tue, 30 Nov 2010 14:10:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.142
X-Spam-Level:
X-Spam-Status: No, score=-2.142 tagged_above=-999 required=5 tests=[AWL=-0.143, BAYES_00=-2.599, J_CHICKENPOX_83=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5fT29UaB27wv; Tue, 30 Nov 2010 14:10:13 -0800 (PST)
Received: from mail-qw0-f44.google.com (mail-qw0-f44.google.com [209.85.216.44]) by core3.amsl.com (Postfix) with ESMTP id 64A843A6C43; Tue, 30 Nov 2010 14:10:13 -0800 (PST)
Received: by qwg5 with SMTP id 5so5187279qwg.31 for <multiple recipients>; Tue, 30 Nov 2010 14:11:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=7lzQ5XeeMoRAALJBRwoaLX3DYpQHzParIhus88oZHxY=; b=MzjTNh2nhqZACMB/eSdiHqS7XcVDACxPPR37ZB4lrvt+P1jYLYblSu9x6Glcbk5ytc of7S6J1BTe8XpIxroZOkgz44u8oYZO+pFCfTxTDxNR4JMvgMr0PN8WCinwIeEqBKweym eONp4KR9nUNeRXh8rgFYHhPLkNeqj/VK07FLk=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=n0XtXGapeiJbABMdRa2oH5z+ONjPwuy3pksZUUFtjEaoM7lrS8s98tOk15CA+tafoy g7F4W1uyBLhhMaJ0e6dsXmcUXaavpVjoKDJa3DMgexup7vJnPuJwhv0PkRsG0Bxwqe9Q NB2PjiK3Unp0XSQ7Kw7AxIpee6YpCyhhbGVQI=
MIME-Version: 1.0
Received: by 10.229.214.73 with SMTP id gz9mr6585592qcb.226.1291155085168; Tue, 30 Nov 2010 14:11:25 -0800 (PST)
Received: by 10.229.222.80 with HTTP; Tue, 30 Nov 2010 14:11:25 -0800 (PST)
Date: Tue, 30 Nov 2010 14:11:25 -0800
Message-ID: <AANLkTi=pF9d0z3vQYAq+mPrpSiDK9OZzVPkE84W+-qGp@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
To: Apps Discuss <discuss@ietf.org>, adam@nostrum.com, Bernard Aboba <bernard_aboba@hotmail.com>, Spencer Dawkins <spencer@wonderhamster.org>, IESG <iesg@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"
Subject: [apps-discuss] Apps Area Review team review: draft-ietf-martini-gin-10.txt
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Nov 2010 22:10:14 -0000

I have been selected as the Applications Area Review Team reviewer for
this draft
(for background on apps-review, please see
http://www.apps.ietf.org/content/applications-area-review-team)
Please resolve these comments along with any other Last Call comments
you may receive.
Please wait for direction from your document shepherd or AD before
posting a new version of the draft.

Document: draft-ietf-martini-gin-10.txt
Title: Registration for Multiple Phone Numbers in the Session
Initiation Protocol (SIP)
Reviewer:Ted Hardie
Review Date: November 30, 2010

Summary: This draft is ready for publication as a proposed standard,
with a few editorial issues
which the author or working group may wish to consider.

Major Issues: None identified.

Minor Issues:

In the "Constraints" section, the document notes:

  The following paragraph is perhaps the most important in
   understanding the reasons for the design decisions made in this
   document.

   Within the problem space that has been established for this work,
   several constraints shape our solution.  These are defined in the
   MARTINI requirements document [18].  In terms of impact to the
   solution at hand, the following two constraints have the most
   profound effect: (1) The SIP-PBX cannot be assumed to be assigned a
   static IP address; and (2) No DNS entry can be relied upon to
   consistently resolve to the IP address of the SIP-PBX.

I suggest augmenting the pointer to the requirements document
here with a pointer to Appendix A, which helpfully lists how
the document meets the requirements (note however that the
Appendix apparently elides requirements 18, 19, and 20 without
comment).  Given the existence of appendix A, I am not personally
certain I see the need for the first of the two paragraphs.

In section 5.1, the document says:

  The "bnc" URI parameter indicates that special interpretation of the
   Contact URI is necessary: instead of representing a single, concrete
   Contact URI to be inserted into the location service, it represents
   multiple URIs (one for each associated AOR), semantically resulting
   in multiple AOR-to-Contact rows in the location service.

Saying that the URI parameter represents multiple URIs will bend
the brain of URI folks a bit, and the later text in 5.2 avoids this
same issue:

   After the SIP-PBX is authenticated, the registrar
   updates its location service with a unique AOR-to-Contact mapping for
   each of the AORs associated with the SIP-PBX.  Semantically, each of
   these mappings will be treated as a unique row in the location
   service.  The actual implementation may, of course, perform internal
   optimizations to reduce the amount of memory used to store such
   information.

I suggest using similar language for the 5.1 text, for example:

  The "bnc" URI parameter indicates that special interpretation of the
   Contact URI is necessary: instead of indicating the insertion of a single
   Contact URI into the location service, it indicates that
   multiple URIs (one for each associated AOR) should be inserted.

Section 7.4 contains two elements which it may be appropriate to consider
for inclusion in the Security Considerations.  The first of these is that
proxies will not be able to apply policy decisions on as granular a basis as
before:

   Proxies will be unable to make policy decisions on a
   contact-by-contact basis regarding whether to include themselves in
   the path.  Second, and similarly, all AORs on the SIP-PBX that are
   registered with a common REGISTER request will be forced to share a
   common Service-Route.

Would this extend to proxies including themselves for the purposes of
CALEA?  If so, this might be a privacy issue.  Similarly,  this text:

   This token or cookie may convey information
   to proxies about the identity, capabilities, and/or policies
   associated with the user.  Since this information will be shared
   among several AORs and several Contacts when multiple AOR
   registration is employed, care should be taken to ensure that doing
   so is acceptable for all AORs and all Contacts registered in a single
   REGISTER request.

might properly be considered in the privacy portion of a Security
Considerations section.  Back pointers to one or both sections may
be appropriate if the author or WG concur.

In the IANA registrations, IANA lists RFC 5727 as a governing
document along with the ones listed by this draft; including it
and a reference may be appropriate.