[APPS-REVIEW] Review of draft-ietf-sip-body-handling-00.txt

[Dave Crocker <dcrocker@bbiw.net>]

This is a review of draft-ietf-sip-body-handling-00.txt.



The document states that its goal is to 'clarify' the handling of message
bodies in SIP and to mandate details of MIME "encoding" of bodies.

On their face, both of these are worthy tasks, with a history of having been
useful when provided for other protocols.

The current draft seems to mix a number of activities:

    1. Basic tutorial coverage of material from other specifications.
Sometimes this is quite basic.  Its inclusion raises the question of what
required background is expected of readers?  If very basic material is
needed, why is there relatively little of it?  It might help for the document
to make an explicit statement about the background that is expected of the
reader, and the types of simple pedagogy that are included (and why).  That
is, where is the reader expected to start from and where will this document's
purely instructional material take the reader to?

    2. Clarification in the sense of pointing out key aspects of other
specifications that are relevant to the handling of SIP message bodies,
possibly including statements about non-obvious implications.  In effect, this
type of material is also instructional, but not about the basics.  Rather than
essentially regurgitating or restating existing material, as Activity #1 does,
this type of material, documents implications that are not obvious and well
might not have been written before.  (This is exactly the added insight that
experience provides, of course, and is what motivates documents like this.)

    3. Assertion of normative specification details. These might fix problems,
expand functionality, or adapt the functionality to the idiosyncrasies of the
SIP environment.

All 3 activities can provide significant assistance.

I suppose that the document seeks to do a job for SIP that is similar to what
RFC1123/RFC1122 did for a variety of protocols in the late 1980s?





General Comments
================


The document mixes its 3 activities, which I found confusing. Sometimes
there seems to be normative intent, without normative language and sometimes
there is normative language (should or may) without normative intent.

When there appears to be normative intent, I assume that the document is
trying to build upon details from other, existing specifications, but the
document does not cite the specific sections of text that it is modifying or
building upon.

Sometimes I was not sure which activity a given segment of text was attempting
to perform.  I suspect the document will benefit from some re-organization,
according the the activity being performed.  A sequence of basic pedagogy,
followed by new insights and implications, followed by refining or modifying
normative specification could make things much clearer to the reader.

In general, it appears that SIP has taken MIME constructs and profiled them
into an incompatible, overlap with email MIME, just as Web MIME did, but
possibly more dramatically.  To the extent that SIP's use of MIME is
incompatible with nearly 15 years of using MIME for email (and the web) the
document should probably make explicit statements about the differences.  If
these are already stated elsewhere, the document should cite the relevant text.

Offhand, I'd guess it would help to explain the reasons for the
incompatibilities, so that readers do not assume that the choices were
arbitrary.  (This is a version of explaining implications that is not in the
current document but that I think fits into its goal nicely.)

On the open matter of constraints about when MIME references are allowed, I do
not have a resolution to recommend. I think it needs to be determined by a
clear statement of the requirements/constraints that are causing the issue to
be an issue. The thread I read covered some of this, but I did not see working
group consensus on a summary.

That is, if you are going to change from the pre-existing use of MIME
references, there are processing concerns that prompt the change.  They should
be documented and maybe rank-ordered.

In effect, you need to say how SIP is providing a different environment in
which references are being used and, therefore, what constraints this
different environment is imposing.





Detailed Comments
=================


I'll apologize for choosing to include the entire document.  I decided that
this makes it much easier to see the context of the comments.  In addition,
comments occur regularly enough so that trying to cut out bits would not
shorten things much...



> SIP Working Group                                           G. Camarillo 
> Internet-Draft                                                  Ericsson 
> Expires: March 1, 2008                                   August 29, 2007
> 
> 
> Message Body Handling in the Session Initiation Protocol (SIP) 
> draft-ietf-sip-body-handling-00.txt
> 
> Status of this Memo
> 
> By submitting this Internet-Draft, each author represents that any 
> applicable patent or other IPR claims of which he or she is aware have been
>  or will be disclosed, and any of which he or she becomes aware will be 
> disclosed, in accordance with Section 6 of BCP 79.
> 
> Internet-Drafts are working documents of the Internet Engineering Task 
> Force (IETF), its areas, and its working groups.  Note that other groups 
> may also distribute working documents as Internet- Drafts.
> 
> Internet-Drafts are draft documents valid for a maximum of six months and 
> may be updated, replaced, or obsoleted by other documents at any time.  It
>  is inappropriate to use Internet-Drafts as reference material or to cite 
> them other than as "work in progress."
> 
> The list of current Internet-Drafts can be accessed at 
> http://www.ietf.org/ietf/1id-abstracts.txt.
> 
> The list of Internet-Draft Shadow Directories can be accessed at 
> http://www.ietf.org/shadow.html.
> 
> This Internet-Draft will expire on March 1, 2008.
> 
> Copyright Notice
> 
> Copyright (C) The IETF Trust (2007).
> 
> Abstract
> 
> This document clarifies how message bodies are handled in SIP.

"Clarifies" implies states implications.


> Additionally, it discusses to which degree SIP user agents need to support
>  MIME (Multipurpose Internet Mail Extensions)-encoding of body parts.

      CHANGE last sentence:

      -->  Additionally, it specifies SIP user agent support for MIME in
message bodies.

(More direct statement.  This is normative. /d)


> 
> 
> 
> 
> 
> 
> 
> Camarillo                 Expires March 1, 2008                 [Page 1]  
> Internet-Draft        Message Body Handling in SIP           August 2007
> 
> 
> Table of Contents
> 
> 1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3 2. 
> Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  3 3. 
> Multipart Message Bodies . . . . . . . . . . . . . . . . . . .  3 3.1. 
> General Considerations . . . . . . . . . . . . . . . . . .  4 3.2.  Body 
> Generation  . . . . . . . . . . . . . . . . . . . . .  5 3.3.  UAS Behavior
>  . . . . . . . . . . . . . . . . . . . . . . .  5 4.  Message-body and 
> Body-part Disposition . . . . . . . . . . . .  6 4.1.  Body Generation  . .
>  . . . . . . . . . . . . . . . . . . .  7 4.2.  Body Processing  . . . . . 
> . . . . . . . . . . . . . . . .  8 4.3.  UAS Behavior . . . . . . . . . . .
> . . . . . . . . . . . .  9 5.  Guidelines to Authors of SIP Extensions  . .
> . . . . . . . . .  9 6.  Security Considerations  . . . . . . . . . . . . .
> . . . . . . 10 7.  Acknowledgements . . . . . . . . . . . . . . . . . . . .
> . . . 11 8.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .
> 11 9.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 11 
> 9.1.  Normative References . . . . . . . . . . . . . . . . . . . 11 9.2. 
> Informational References . . . . . . . . . . . . . . . . . 12 Author's 
> Address . . . . . . . . . . . . . . . . . . . . . . . . . 12 Intellectual 
> Property and Copyright Statements . . . . . . . . . . 13
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> Camarillo                 Expires March 1, 2008                 [Page 2]  
> Internet-Draft        Message Body Handling in SIP           August 2007
> 
> 
> 1.  Introduction
> 
> SIP [RFC3261] messages consist of an initial line (request line in requests
>  and status line in responses), a set of header fields, and an optional 
> message body.  The message body is described using header fields such as 
> Content-Disposition, Content-Encoding, and Content- Type, which provide 
> information on its contents.

This last sentence implies that you can have a body without MIME, although
MIME defines Content-* fields.  So SIP uses MIME-like Content-* fields,
without a MIME body?


> The message body of a SIP message can be divided into various body parts. 
> Multipart message bodies are encoded using the MIME (Multipurpose Internet
>  Mail Extensions) [RFC2045] format.  Body parts are also described using 
> header fields such as Content-Disposition, Content-Encoding, and 
> Content-Type, which provide information on the contents of a particular 
> body part.
> 
> Section 3 discusses issues related to the handling of multipart message 
> bodies in SIP.  Section 4 discusses issues related to the disposition of 
> message bodies and body parts in SIP.
> 
> 
> 2.  Terminology
> 
> The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
> "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 
> document are to be interpreted as described in [RFC2119].
> 
> 
> 3.  Multipart Message Bodies
> 
> [RFC3261] did not mandate support for multipart message bodies in MIME 
> format [RFC2046].  However, since [RFC3261] was written, many SIP 
> extensions rely on them.  Therefore, this specification updates [RFC3261]'s
>  recommendation regarding support for multipart MIME bodies.

I think it does not "update" that specification, so much as to assert a
profile of constraints on it.  In other words, some of this document is a
kind of Applicability Statement (which might constitute a 4th activity...

If, in fact, this is a true update to the core SIP specification, please cite
what parts of the original specification are being changed. It would also help
to have a technical summary of the changes being made.


> It is expected that most SIP UAs will implement extensions that require 
> them to generate 'multipart/mixed' MIME bodies.  An example

Stylistic point:  Specifications which assert "it is expected that" are
usually wrong.  They are predicting the future, usually without need.
Specifications should specify.  Predicting the future is distracting.

What I believe is sufficient is merely to state "In order to support
extensions that require SIP UAs to generate..."


> of such an extension would be the inclusion of location information in an 
> INVITE request.  Such an INVITE request would use the 'multipart/mixed' 
> MIME type to carry two body parts: a session description and a location 
> object.  An example of an existing extension that uses 'multipart/mixed' to
>  send a session description and a legacy-signalling object is defined in 
> [RFC3204].

This seems to scream for use of /related rather than /mixed.


> Another MIME type a number of SIP UAs will need to generate is

"will need to generate"?  Is this normative or merely predictive?  If the
former, please write it that way.  If the latter, the language along the lines
of "might generate". d/)


> 'multipart/alternative'.  Each body part within a 'multipart/ alternative'
>  carries an alternative version of the same information. The body parts are
>  ordered so that the last one is the richest
> 
> 
> 
> Camarillo                 Expires March 1, 2008                 [Page 3]  
> Internet-Draft        Message Body Handling in SIP           August 2007
> 
> 
> representation of the information.  This way, the recipient of a 
> 'multipart/alternative' body chooses the last body part it understands.
> 
> Note that within a body part encoded in a given format (i.e., of a given 
> content type), there may be optional elements that may provide richer 
> information to the recipient in case the recipient supports them.  For 
> example, in SDP (Session Description Protocol) [RFC4566], those optional 
> elements are encoded in 'a' lines. These types of optional elements are 
> internal to a body part and are not visible at the MIME level.  That is, a
>  body part is understood if the recipient understands its content type, 
> regardless of whether or not the body part's optional elements are 
> understood.
> 
> Note as well that each part of a 'multipart/alternative' body represents 
> the same data, but the mapping between any two parts is not necessarily 
> without information loss.  For example, information may be lost when 
> translating 'text/html' to 'text/ plain'.
> 
> It is expected that the transition from SDP to new session description 
> protocols is implemented using 'multipart/alternative'

      CHANGE:

      --> The transition from SDP to new... could be implemented using...


> bodies.  SIP messages (e.g., INVITE requests) would carry a 
> 'multipart/alternative' body with two body parts: a session description 
> written in SDP and a session description written in a newer session 
> description format.  Legacy recipient UAs would use the session description
>  written in SDP.  New recipient UAs would use the one written in the newer
>  format.
> 
> A number of SIP UAs will also need to generate nested MIME bodies. Using 
> the extensions in the previous examples, a UA that supported a new session
>  description format and that needed to include a location object in an 
> INVITE request would include a 'multipart/mixed' body with two body parts:
>  a location object and a 'multipart/alternative'. The 
> 'multipart/alternative' body part would, in turn, have two body parts: a 
> session description written in SDP and a session description written in the
>  newer session description format.
> 
> 3.1.  General Considerations

I believe that "Considerations" text usually does not include normative
specification.



> For all MIME-based extensions to work, the recipient needs to be able to 
> decode the multipart bodies.  Therefore, SIP UAs MUST be able to parse 
> 'multipart' MIME bodies, including nested body parts.  In particular, UAs 
> MUST support the 'multipart/mixed' and 'multipart/ alternative' MIME types.
>  Note that, by default, unknown 'multipart' subtypes are treated as 
> 'multipart/mixed'.
> 
> 
> 
> 
> Camarillo                 Expires March 1, 2008                 [Page 4]  
> Internet-Draft        Message Body Handling in SIP           August 2007
> 
> 
> Note that SIP extensions may also include 'multipart' MIME bodies in 
> responses.  That is why both UACs and UASs need to support 'multipart' 
> bodies.
> 
> 3.2.  Body Generation
> 
> UAs should avoid unnecessarily nesting body parts.  However,

Why should they avoid this?  What are the criteria that define necessity?

Absent explanatory background and very concrete specification of conditions
that are acceptable or unacceptable, this kind of text is not very helpful.


> [RFC2046] states that a 'multipart' media type with a single body part is 
> useful in some circumstances (e.g., for sending non-text media types).  In
>  any case, UAs SHOULD NOT nest one 'multipart/mixed' within another unless
>  there is a need to reference the nested one (i.e., using the Content ID of
>  the nested body part).  Additionally, UAs SHOULD NOT nest one 
> 'multipart/alternative' within another.
> 
> All the body parts within a 'multipart/alternative' have the same 
> disposition type (see Section 4.1).  Some disposition types require that 
> all the body parts of a 'multipart/alternative' body have different content
>  types.  In particular, for the 'session' and 'early-session' [RFC3959] 
> disposition types, UAs MUST NOT place more than one body part with a given
>  content type in a 'multipart/ alternative' body.  That is, for 'session' 
> and 'early-session', no body part within a 'multipart/alternative' can have
>  the same content type as another body part within the same 
> 'multipart/alternative'.

So it is illegal to have two text/plain with different parameters?  This
question applies to some other content types, also, where differing parameters
can specify significantly different actual content (such as pictures with
different resolution.)

This constraint seems excessive.


> As stated earlier, the mapping between two body parts within a 
> 'multipart/alternative' body may imply information loss.  [RFC2046] 
> recommends that each part should have a different Content-ID value in the 
> case where the information content of the two parts is not identical.
> 
> A body part can only reference another body part if both are within the 
> same 'multipart/related' wrapper.  Therefore, UAs MUST ensure that any 
> given body part only references body parts within its 'multipart/related' 
> wrapper.

The "can" implies that only this situation is possible.  If only that
situation is possible, then UAs do not need to ensure it, so the normative
stricture does not seem to be needed.  If the 'can' is really meant to be a
MUST, then we have two normative sentences in the paragraph and they appear to
be saying the same thing.


> UAs MUST use the binary transfer encoding for binary payloads in SIP.
> 
> 3.3.  UAS Behavior
> 
> Section 3.1 mandates that all UAs support 'multipart' bodies. However, if a
>  particular UAS does not support 'multipart' bodies and receives one, the 
> UAS SHOULD return a 415 (Unsupported Media Type) response.

Unless I am missing something quite basic, the above normative sentence
defeats the earlier normative text that mandate support for multipart.  This
is a pure conflict.  Either support is mandatory or it is not.  If it is
mandatory, then the actions of a UA that does not support multipart are out of
scope.  If it is not mandatory, then the earlier MUST needs to be changed to
SHOULD.

However this sort of basic, apparent contradtiction in a specification often
signals some deeper ambiguities or conflicts within the working group.  The
document then suffers a pattern of problems.


> Note that it is essential that UASs without MIME support are at least able
>  to return an error response when receiving a 'multipart' body.  Not being
>  able to signal this type of error

The above is icing on the confusion cake.  Now it is saying that
non-supporting UAs must support multiparts partially.  This is yet a third
type of normative statement about support, conflicting with the other two (IMO),


> could cause serious interoperability problems.  Legacy UASs
> 
> 
> 
> Camarillo                 Expires March 1, 2008                 [Page 5]  
> Internet-Draft        Message Body Handling in SIP           August 2007
> 
> 
> without MIME support that, for some reason, cannot be immediately upgraded
>  to support MIME, should at least be upgraded to be able to report this 
> error.
> 
> As specified in [RFC3261], UASs that cannot decrypt a message body or a 
> body part can use the 493 (Undecipherable) response to report the error.
> 
> 
> 4.  Message-body and Body-part Disposition
> 
> The Content-Disposition header field, defined in [RFC2183] and extended by
>  [RFC3261], describes how to handle a SIP message's body or an individual 
> body part.  Examples of disposition types used in SIP in the 
> Content-Disposition header field are 'session' and 'render'.
> 
> [RFC3204] and [RFC3459] define the 'handling' parameter for the 
> Content-Disposition header field.  This parameter describes how a UAS 
> should react if it receives a message body whose content type or 
> disposition type it does not understand.  If the parameter has the value 
> 'optional', the UAS ignores the message body; if it has the value 
> 'required', the UAS returns a 415 (Unsupported Media Type) response.  The 
> default value for the 'handling' parameter is 'required'.
> 
> [RFC3204] identifies two situations where a UAS (User Agent Server) needs 
> to reject a request with a body part whose handling is required:
> 
> 1.  if it has an unknown content type. 2.  if it has an unknown disposition
>  type.
> 
> If the UAS (User Agent Server) did not understand the content type of the 
> body part, it can add an Accept header field to its 415 (Unsupported Media
>  Type) response listing the content types that the UAS does understand. 
> Nevertheless, there is no mechanism for a UAS that does not understand the
>  disposition type of a body part to inform the UAC (User Agent Client)
> about which disposition type was not understood or about the disposition
> types that are understood by the UAS.
> 
> The reason for not having such a mechanism is that disposition types are 
> typically supported within a context.  Outside that context, a UA (User 
> Agent) may not support the disposition type.  For example, a UA may support
>  the 'session' disposition type for body parts in INVITE and UPDATE 
> requests and their responses.  However, the same UA would not support the 
> 'session' disposition type in MESSAGE requests.
> 
> 
> 
> Camarillo                 Expires March 1, 2008                 [Page 6]  
> Internet-Draft        Message Body Handling in SIP           August 2007
> 
> 
> In another example, a UA may support the 'render' disposition type for 
> 'text/plain' and 'text/html' body parts in MESSAGE requests. Additionally,
>  the UA may support the 'session' disposition type for 'application/sdp' 
> body parts in INVITE and UPDATE requests and their responses.  However, the
>  UA may not support the 'render' disposition type for 'application/sdp' 
> body parts in MESSAGE requests, even if, in different contexts, the UA 
> supported all the 'render' disposition type, the 'application/sdp' content 
> type, and the MESSAGE method.
> 
> A given context is generally (but not necessarily) defined by a method, a 
> disposition type, and a content type.  Support for a specific context is 
> usually defined within an extension.  For example, the extension for 
> instant messaging in SIP [RFC3428] mandates support for the MESSAGE method,
>  the 'render' disposition type, and the 'text/plain' content type.
> 
> Note that, effectively, content types are also supported within a context.
>  Therefore, the use of the Accept header field in a 415 (Unsupported Media
>  Type) response is not enough to describe in which contexts a particular 
> content type is supported.
> 
> Therefore, support for a particular disposition type within a given context
>  is typically signalled by the use of a particular method or an option-tag
>  in a Supported or a Require header field.  When support for a particular 
> disposition type within a context is mandated, support for a default 
> content type is also mandated (e.g., a UA that supports the 'session' 
> disposition type in an INVITE request needs to support the 
> 'application/sdp' content type).
> 
> Content-ID URLs (Uniform Resource Locators) are another tool to describe 
> how a body part should be handled.  Some extensions use a Content-ID URL 
> [RFC2392], which can appear in a header field or within a body part (e.g.,
>  in an SDP attribute), that points to a body part.  The way to handle that
>  body part is defined by the field the Content-ID URL appears in and by the
>  disposition type of the body part.  For example, the extension to refer to
>  multiple resources in SIP [I-D.ietf-sip-multiple-refer] places a
> Content-ID URL in a Refer-To header field.  Such a Content-ID URL points to
> a body part whose disposition type is supposed to be 'recipient-list'.  In
> another example, the extension for file transfer in SDP 
> [I-D.ietf-mmusic-file-transfer-mech] places a Content-ID URL in a 
> 'file-icon' SDP attribute.  This Content-ID URL points to a body part whose
>  disposition type is supposed to be 'icon'.
> 
> 4.1.  Body Generation
> 
> As stated earlier, the 'handling' Content-Disposition parameter can take 
> two values: 'required' or 'optional'.  While it is typically
> 
> 
> 
> Camarillo                 Expires March 1, 2008                 [Page 7]  
> Internet-Draft        Message Body Handling in SIP           August 2007
> 
> 
> easy for a UA to decide which type of handling an individual body part 
> requires, setting the 'handing' parameter of 'multipart' bodies requires 
> extra considerations.
> 
> If at least one of the body parts within a 'multipart/mixed' body has a 
> 'handling' value of 'required', the UA MUST set the 'handling' parameter of
>  the 'multipart/mixed' body to 'required'.  If all the body parts within a
>  'multipart/mixed' body have a 'handling' value of 'optional', the UA MUST
>  set the 'handling' parameter of the 'multipart/mixed' body to 'optional'.
> 
> The 'handling' parameter is a Content-Disposition parameter. Therefore, in
>  order to set this parameter, it is necessary to provide the 
> 'multipart/mixed' body with a disposition type.  Per [RFC3261], the default
>  disposition type for 'application/sdp' is 'session' and for other bodies 
> is 'render'.  UAs SHOULD assign 'multipart/mixed' bodies a disposition type
>  of 'render'.
> 
> Note that the fact that 'multipart/mixed' bodies have a disposition type of
>  'render' does not imply that they will be rendered to the user.  The way 
> the body parts within the 'multipart/mixed' are handled depends on the 
> disposition types of the individual body parts.  The actual disposition 
> type of the whole 'multipart/mixed' is irrelevant.  The 'render' 
> disposition type has been chosen for 'multipart/mixed' bodies simply 
> because it is the default disposition type in SIP.
> 
> If the handling of a 'multipart/alternative' body is required, the UA MUST
>  set the 'handling' parameter of the 'multipart/alternative' body and to
> the last body part within the 'multipart/alternative' to 'required'. 
> Additionally, the UA MUST set the 'handling' parameter of all body parts 
> within the 'multipart/alternative' except the last one to 'optional'.  The
>  UA MUST use the same disposition type for the 'multipart/alternative' body
>  and all its body parts.

I am confused by the above paragraph, enough to be unclear how to describe the
confusion.

So I'll simply ask that someone other than the author word-smith it very
carefully, to make sure that it says only and exactly the normative actions
that are intended. The reason for suggesting it be a different person is
simply to get a different language processing brain to work on the text.  I
find this often helps clarify my own authored text quite a bit.



> 4.2.  Body Processing
> 
> In order to process a message body or a body part, a UA needs to know 
> whether a SIP header field or another body part contains a reference

I do not understand why.

And I guess this means that there can be no processing of any body part until
the entire body is scan for references to it?  Seem onerous, but maybe not
that unusual for MIME.


> to it (e.g., a Content-ID URL pointing to it).  If the body part is not 
> referenced in any way (e.g., there are no header fields or other body parts
>  with a Content-ID URL pointing to it), the UA processes the body part as 
> indicated by its disposition type and the context in which the body part 
> was received.
> 
> If the SIP message contains a reference to the body part, the UA processes
>  the body part according to the reference and the disposition type of the 
> body part.  If the SIP message contains more

So, a reference completely overrides the processing that is done "local" to
the actual body part?

Or do you mean that the body-part might be processed repeatedly, once for each
reference (and possibly once at its actual occurrence?)  If it is not
processed at its actual occurrence, why not?

Hmmm.  Perhaps this is a characteristic of /related: Processing always flows
from "entry point" body part and not of the other, related body parts has an
utility of its own.  This is in marked contrast with /mixed, where each body
part is independent.


> 
> 
> Camarillo                 Expires March 1, 2008                 [Page 8]  
> Internet-Draft        Message Body Handling in SIP           August 2007
> 
> 
> than one reference to the body part (e.g., two header fields contain 
> Content-ID URLs pointing to the body part), the UA processes the body part
>  as many times as references there are.

And, indeed, this text, here, seems to support the interpretation I am suggesting.


> A UA looking for references to a body part starts by parsing the SIP 
> message's header fields.  Additionally, if the body part is within a 
> 'multipart/related' [RFC2387] wrapper, the body parts within the 
> 'multipart/related' wrapper may reference each other.  Therefore, the UA 
> processes the body parts in the 'multipart/related', starting with its 
> 'root', looking for references to the body part.

What is it about the above that is "clarifying"?


> Note that, per [RFC2387], a UA processing a 'multipart/related' body 
> processes it as a compound object ignoring the disposition types of the 
> body parts within it.

This paragraph appears to be contradicting the one before it.


> Following the rules in [RFC3204], if a UA does not understand a body part 
> whose handling is optional, it ignores it.
> 
> Note that the content indirection mechanism in SIP [RFC4483] allows UAs to
>  point to external bodies.  Therefore, a UA receiving a SIP message that 
> uses content indirection may need to fetch a body part (e.g., using HTTP 
> [RFC2616]) in order to process it.
> 
> 4.3.  UAS Behavior
> 
> If a UAS cannot process a request because, in the given context, it does 
> not support the content type or the disposition type of a body part whose 
> handling is required, the UAS SHOULD return a 415 (Unsupported Media Type)
>  response even if the UAS supported the content type, the disposition type,
>  or both in a different context.

Why isn't it a MUST rather than a SHOULD???


> Consequently, it is possible to receive a 415 (Unsupported Media Type) 
> response with an Accept header field containing all the content types used
>  in the request.
> 
> If a UAS receives a request with a body part whose disposition type is not
>  compatible with the way the body part should be handled according to other
>  parts of the SIP message (e.g., a Refer-To header field with a Content-ID
>  URL pointing to a body part whose disposition type is 'session'), the UAS
>  SHOULD return a 415 (Unsupported Media Type) response.
> 
> 
> 5.  Guidelines to Authors of SIP Extensions
> 
> These guidelines are intended for authors of SIP extensions that involve, 
> in some way, message bodies or body parts.
> 
> 
> 
> 
> Camarillo                 Expires March 1, 2008                 [Page 9]  
> Internet-Draft        Message Body Handling in SIP           August 2007
> 
> 
> This specification mandates support for 'multipart/mixed' and

mandates.  mumble.  hmmm...


> 'multipart/alternative' and describes how to handle 'multipart/ related' 
> [RFC2387] bodies.  At present, there are no SIP extensions that use 
> different 'multipart' subtypes such as parallel [RFC2046] or digest 
> [RFC2046].  If such extensions were to be defined in the future, their 
> authors would need to make sure (e.g., by using an option-tag or by other 
> means) that entities receiving those 'multipart' subtypes were able to 
> process them.  As stated earlier, UAs treat unknown 'multipart' subtypes as
>  'multipart/mixed'.
> 
> Body parts within a 'multipart/related' wrapper can reference each other. 
> Per [RFC2387], a UA processing a 'multipart/related' body processes it as a
>  compound object ignoring the disposition types of the body parts within 
> it. However, UAs that do not understand 'multipart/related' will treat it 
> as 'multipart/mixed'.  These UAs will not be able to process the references
>  among the body parts and will process the body parts according to their 
> disposition type.
> 
> When a SIP UA receives a header field or an optional body part it does not
>  understand, the UA ignores it.  A header field or a body part carrying a 
> reference to another body part (e.g., a Content-ID URL) can influence the 
> way that body part is handled.  If a header

If this pertains to the earlier discussion about processing a reference, then
there is no "can"; there is only "will".  If this sentence is intended to
convey some other implication, then I do not understand what it is.


> field or a body part carrying a reference to a body part is not understood
>  and, thus, ignored by its recipient, the body part could be handled in an
>  unintended way.  Therefore, authors of SIP

"could"?  If the body part is not understood then its handling is
well-defined.  While the generating of the part certainly did not "intend"
that handling, they have to assume that a given recipient might not be able to
process it and existing specification text says how to handle it.

So, I am guessing that the text needs to say something like "In order to
ensure that referenced body parts are processed properly, authors of SIP
extensions..."


> extensions that involve references to body parts need to make sure (e.g., 
> by using an option-tag or by other means) that entities processing those 
> extensions do not behave in unintended ways.

I do not see how the above 4 paragraphs in this section offer 'guidelines' for
extensions.


> Additionally, authors of such extensions need to specify the acceptable 
> disposition types of the referenced body part and a default, mandatory to 
> support, content type per disposition type.
> 
> As stated earlier, SIP extensions may also include 'multipart' MIME bodies
>  in responses.  However, UACs receiving a response cannot

      CHANGE:

      ...bodies in responses.  Hence, a response can be extremely complex and
the client receiving the response might not be able to process the response
correctly.  Because UACs receiving a response cannot...requests), authors of
SIP...


> report errors to the UAS that generated the response (i.e., error responses
>  can only be generated for requests).  Therefore, authors of SIP extensions
>  need to make sure that requests clearly indicate (e.g., by using an 
> option-tag or by other means) the capabilities of the UAC so that UASs can
>  decide what to include in their responses.
> 
> 
> 6.  Security Considerations
> 
> TBD.
> 
> 
> 
> 
> 
> 
> Camarillo                 Expires March 1, 2008                [Page 10]  
> Internet-Draft        Message Body Handling in SIP           August 2007
> 
> 
> 7.  Acknowledgements
> 
> The ideas in this document were discussed with Paul Kyzivat. Christer 
> Holmberg, Francois Audet, and Dan Wing provided comments on this document.
> 
> 
> 8.  IANA Considerations
> 
> This document does not contain any IANA actions.
> 
> 
> 9.  References
> 
> 9.1.  Normative References
> 
> [RFC2045]  Freed, N. and N. Borenstein, "Multipurpose Internet Mail 
> Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, 
> November 1996.
> 
> [RFC2046]  Freed, N. and N. Borenstein, "Multipurpose Internet Mail 
> Extensions (MIME) Part Two: Media Types", RFC 2046, November 1996.
> 
> [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate Requirement
>  Levels", BCP 14, RFC 2119, March 1997.
> 
> [RFC2183]  Troost, R., Dorner, S., and K. Moore, "Communicating 
> Presentation Information in Internet Messages: The Content-Disposition 
> Header Field", RFC 2183, August 1997.
> 
> [RFC2387]  Levinson, E., "The MIME Multipart/Related Content-type", RFC 
> 2387, August 1998.
> 
> [RFC2392]  Levinson, E., "Content-ID and Message-ID Uniform Resource 
> Locators", RFC 2392, August 1998.
> 
> [RFC3204]  Zimmerer, E., Peterson, J., Vemuri, A., Ong, L., Audet, F., 
> Watson, M., and M. Zonoun, "MIME media types for ISUP and QSIG Objects", 
> RFC 3204, December 2001.
> 
> [RFC3261]  Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., 
> Peterson, J., Sparks, R., Handley, M., and E. Schooler, "SIP: Session 
> Initiation Protocol", RFC 3261, June 2002.
> 
> [RFC3459]  Burger, E., "Critical Content Multi-purpose Internet Mail 
> Extensions (MIME) Parameter", RFC 3459, January 2003.
> 
> 
> 
> Camarillo                 Expires March 1, 2008                [Page 11]  
> Internet-Draft        Message Body Handling in SIP           August 2007
> 
> 
> [RFC3959]  Camarillo, G., "The Early Session Disposition Type for the 
> Session Initiation Protocol (SIP)", RFC 3959, December 2004.
> 
> [RFC4483]  Burger, E., "A Mechanism for Content Indirection in Session 
> Initiation Protocol (SIP) Messages", RFC 4483, May 2006.
> 
> 9.2.  Informational References
> 
> [RFC2616]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L.,
>  Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1",
>  RFC 2616, June 1999.
> 
> [RFC3428]  Campbell, B., Rosenberg, J., Schulzrinne, H., Huitema, C., and 
> D. Gurle, "Session Initiation Protocol (SIP) Extension for Instant 
> Messaging", RFC 3428, December 2002.
> 
> [RFC4566]  Handley, M., Jacobson, V., and C. Perkins, "SDP: Session 
> Description Protocol", RFC 4566, July 2006.
> 
> [I-D.ietf-sip-multiple-refer] Camarillo, G., "Referring to Multiple 
> Resources in the Session Initiation Protocol (SIP)", 
> draft-ietf-sip-multiple-refer-01 (work in progress), January 2007.
> 
> [I-D.ietf-mmusic-file-transfer-mech] Garcia-Martin, M., "A Session 
> Description Protocol (SDP) Offer/Answer Mechanism to Enable File Transfer",
>  draft-ietf-mmusic-file-transfer-mech-03 (work in progress), June 2007.
> 
> 
> Author's Address
> 
> Gonzalo Camarillo Ericsson Hirsalantie 11 Jorvas  02420 Finland
> 
> Email: Gonzalo.Camarillo@ericsson.com
> 
> 
> 
> 
> 
> 
> 
> 
> Camarillo                 Expires March 1, 2008                [Page 12]  
> Internet-Draft        Message Body Handling in SIP           August 2007
> 
> 
> Full Copyright Statement
> 
> Copyright (C) The IETF Trust (2007).
> 
> This document is subject to the rights, licenses and restrictions contained
>  in BCP 78, and except as set forth therein, the authors retain all their 
> rights.
> 
> This document and the information contained herein are provided on an "AS 
> IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS 
> SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE 
> INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR 
> IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 
> INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES 
> OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
> 
> 
> Intellectual Property
> 
> The IETF takes no position regarding the validity or scope of any 
> Intellectual Property Rights or other rights that might be claimed to 
> pertain to the implementation or use of the technology described in this 
> document or the extent to which any license under such rights might or 
> might not be available; nor does it represent that it has made any 
> independent effort to identify any such rights.  Information on the 
> procedures with respect to rights in RFC documents can be found in BCP 78 
> and BCP 79.
> 
> Copies of IPR disclosures made to the IETF Secretariat and any assurances 
> of licenses to be made available, or the result of an attempt made to 
> obtain a general license or permission for the use of such proprietary 
> rights by implementers or users of this specification can be obtained from
>  the IETF on-line IPR repository at http://www.ietf.org/ipr.
> 
> The IETF invites any interested party to bring to its attention any 
> copyrights, patents or patent applications, or other proprietary rights 
> that may cover technology that may be required to implement this standard.
>  Please address the information to the IETF at ietf-ipr@ietf.org.
> 
> 
> Acknowledgment
> 
> Funding for the RFC Editor function is provided by the IETF Administrative
>  Support Activity (IASA).
> 
> 
> 
> 
> 
> Camarillo                 Expires March 1, 2008                [Page 13] 




-- 

   Dave Crocker
   Brandenburg InternetWorking
   bbiw.net





_______________________________________________
APPS-REVIEW mailing list
APPS-REVIEW@ietf.org
https://www1.ietf.org/mailman/listinfo/apps-review