[Gen-art] Gen-ART Last Call Review of draft-hautakorpi-sipping-uri-list-handling-refused-03.txt

"Eric Gray" <eric.gray@ericsson.com> Tue, 29 April 2008 15:31 UTC

To: Jani Hautakorpi <jani.hautakorpi@ericsson.com>, Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
Cc: gen-art@ietf.org, Jon Peterson <jon.peterson@neustar.biz>

I have been selected as the General Area Review Team (Gen-ART)
reviewer for this draft (for background on Gen-ART, please see
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).

Please resolve these comments along with any other Last Call comments
you may receive.


Document:         draft-hautakorpi-sipping-uri-list-handling-refused-03.txt
Reviewer:         Eric Gray
Review Date:      4/29/2008
IETF LC End Date: 4/29/2008

Summary: This draft may be nearly ready for publishing as an RFC -
         either Informational or Proposed Standard (depending on
         the answer to one of my 2 questions).

Comments: I have 2 questions:

1) Why is this intended to be published as an Informational RFC?

   This does not report message formats, code point assignments, or
   protocol (extended) behaviors defined elsewhere - it defines
   them here.  The very first sentence in the abstract starts -
   "This document specifies the ..."  Hence it seems to me that
   this document is a specification and should probably be a PS
   RFC.

2) What is the deployment scenario envisioned that has a security
   exposure to Eavesdropping and/or Disclosure that does not have
   similar exposures to other forms of attack (e.g., MitM)?

   The security considerations section says "attackers are not
   supposed to have access to the protocol messages between those
   [trusted] elements [that would handle messages containing the
   P-Refused-URI-List P-Header]."  Presumably an attacker would
   need to have such access if it was in a position to eavesdrop
   on the contents of a 403 (Forbidden) response.

Otherwise, the draft is in very good shape.