[Gen-art] Gen-art review of draft-ietf-sipping-consent-reqs-03.txt
Elwyn Davies <elwynd@dial.pipex.com> Fri, 30 December 2005 11:03 UTC
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EsI34-0006Qe-2a; Fri, 30 Dec 2005 06:03:50 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EsI31-0006QH-Bz for gen-art@megatron.ietf.org; Fri, 30 Dec 2005 06:03:48 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA02661 for <gen-art@ietf.org>; Fri, 30 Dec 2005 06:02:35 -0500 (EST)
Received: from a.painless.aaisp.net.uk ([81.187.81.51] helo=smtp.aaisp.net.uk) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EsI7R-000573-HK for gen-art@ietf.org; Fri, 30 Dec 2005 06:08:21 -0500
Received: from 247.254.187.81.in-addr.arpa ([81.187.254.247] helo=[127.0.0.1]) by smtp.aaisp.net.uk with esmtps (TLSv1:AES256-SHA:256) (Exim 4.43) id 1EsI2X-0002QQ-Od; Fri, 30 Dec 2005 11:03:17 +0000
Message-ID: <43B5146E.80203@dial.pipex.com>
Date: Fri, 30 Dec 2005 11:05:18 +0000
From: Elwyn Davies <elwynd@dial.pipex.com>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: gen-art@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 4b800b1eab964a31702fa68f1ff0e955
Content-Transfer-Encoding: 7bit
Cc: rohan@ekabal.com, jdrosen@cisco.com, dean.willis@softarmor.com, Allison Mankin <mankin@psg.com>, Gonzalo.Camarillo@ericsson.com
Subject: [Gen-art] Gen-art review of draft-ietf-sipping-consent-reqs-03.txt
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Sender: gen-art-bounces@ietf.org
Errors-To: gen-art-bounces@ietf.org
I was selected as General Area Review Team reviewer for this specification (for background on Gen-ART, please see http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html). Document: draft-ietf-sipping-consent-reqs-03.txt Intended Status: Proposed Standard Shepherding AD: Allison Mankin Proto Shepherd: Rohan Mahy Review Trigger: IESG Telechat 5 January 2006 Review: This is a well written and coherent document which makes its arguments well and provides what seems like a good set of 'positive' requirements. However I think there are a number of omissions which should be considered before it is ready for publication: - How much knowledge of the network and relay state does a given user/user agent need to install consents on all relevant relays? Caveat: I am not a SIP expert so I may have some misunderstandings here. As I understand it, a user device will register for a session with a given relay/proxy that it knows about. In the context of REQ 6, how is the device to know that the relevant consents are installed on this relay as the device might have a choice of relays? - The document doesn't put any requirements on the transition to the consent based system. If I understand correctly the introduction of the consent based system would effectively reverse the default assumption from (e.g.) 'INVITE delivered by default' to 'INVITE not delivered by default'. Introducing this change will be challenging, both in terms of how to handle existing users and providing an effective initial configuration for new users. - The document doesn't mention the need for strict authorization of messages setting up or revoking consent permissions which I believe is essential. This should probably be in the context of a discussion of how to avoid the consent mechanism itself becoming the focus of DoS attacks, and then some requirements stemming from this. This might also consider whether these messages *must* originate from the user/user agent to which the permission applies or whether third parties with appropriate authorization can provide the permissions. - In the context of REQ 8 (need for future proofing), I suspect that a requirement for an 'emergency override' needs to be provided for so that in future suitably authorized requests could ignore a prior consent denial. - Some thought needs to be given to requirements on logging of requests which are rejected as a result of non-consent. This may be relevant to legal requirements on interception of communication and it might also be interesting for users to be able to examine the log of users who tried to call them but were rejected - this is particularly relevant as the proposal defaults to rejecting calls for which explicit consent has not been given. Minor points: REQ 5: If a user revokes permission for a user with whom a call is pending or in progress, should this have the effect of terminating the call? REQ 6: This should also apply to grants: I think this is saying that all grant and revoke messages should be idempotent. REQ 8: '...shall work for all .. future SIP methods': I know what is meant but this is impossible to guarantee and probably an undesirable constraint on future developments. How about something like 'should be designed, so far as is possible, to work with any future SIP methods and place minimal constraints on such methods.' Editorial nit: The term 'screen pop' used twice in s2 is very colloquial. I would suggest 'visual alert' instead. How about replacing: For INVITE requests, this usually involves "ringing the phone", or creating a screen pop. with For INVITE requests, this usually involves delivering an audible alert (e.g., "ringing the phone"), or a visual alert (e.g., creating a screen pop-up window). _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www1.ietf.org/mailman/listinfo/gen-art
- [Gen-art] Gen-art review of draft-ietf-sipping-co… Elwyn Davies