[Gen-art] Gen-art review of draft-ietf-sipping-consent-reqs-03.txt

I was selected as General Area Review Team reviewer for this specification
(for background on Gen-ART, please see
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).

Document: draft-ietf-sipping-consent-reqs-03.txt
Intended Status: Proposed Standard
Shepherding AD: Allison Mankin
Proto Shepherd: Rohan Mahy
Review Trigger: IESG Telechat 5 January 2006

Review:
This is a well written and coherent document which makes its arguments 
well and provides what seems like a good set of 'positive' 
requirements.  However I think there are a number of omissions which 
should be considered before it is ready for publication:
- How much knowledge of the network and relay state does a given 
user/user agent need to install consents on all relevant relays?  
Caveat: I am not a SIP expert so I may have some misunderstandings 
here.  As I understand it, a user device will register for a session 
with a given relay/proxy that it knows about.  In the context of REQ 6, 
how is the device to know that the relevant consents are installed on 
this relay as the device might have a choice of relays?
- The document doesn't put any requirements on the transition to the 
consent based system.  If I understand correctly the introduction of the 
consent based system would effectively reverse the default assumption 
from (e.g.) 'INVITE delivered by default' to 'INVITE not delivered by 
default'.  Introducing this change will be challenging, both in terms of 
how to handle existing users and providing an effective initial 
configuration for new users.
- The document doesn't mention the need for strict authorization of 
messages setting up or revoking consent permissions which I believe is 
essential.  This should probably be in the context of a discussion of 
how to avoid the consent mechanism itself becoming the focus of DoS 
attacks, and then some requirements stemming from this.  This might also 
consider whether these messages *must* originate from the user/user 
agent to which the permission applies or whether third parties with 
appropriate authorization can provide the permissions.
- In the context of REQ 8 (need for future proofing), I suspect that a 
requirement for an 'emergency override' needs to be provided for so that 
in future suitably authorized requests could ignore a prior consent denial.
- Some thought needs to be given to requirements on logging of requests 
which are rejected as a result of non-consent.  This may be relevant to 
legal requirements on interception of communication and it might also be 
interesting for users to be able to examine the log of users who tried 
to call them but were rejected - this is particularly relevant as the 
proposal defaults to rejecting calls for which explicit consent has not 
been given.

Minor points:
REQ 5: If a user revokes permission for a user with whom a call is 
pending or in progress, should this have the effect of terminating the call?

REQ 6: This should also apply to grants: I think this is saying that all 
grant and revoke messages should be idempotent.

REQ 8: '...shall work for all .. future SIP methods': I know what is 
meant but this is impossible to guarantee and probably an undesirable 
constraint on future developments. How about something like 'should be 
designed, so far as is possible, to work with any future SIP methods and 
place minimal constraints on such methods.'

Editorial nit:
The term 'screen pop' used twice in s2 is very colloquial.  I would 
suggest 'visual alert' instead. How about replacing:
   For INVITE requests, this usually involves
   "ringing the phone", or creating a screen pop.
with
   For INVITE requests, this usually involves
   delivering an audible alert (e.g., "ringing the phone"), or
   a visual alert (e.g., creating a screen pop-up window).

_______________________________________________
Gen-art mailing list
Gen-art@ietf.org
https://www1.ietf.org/mailman/listinfo/gen-art