[Gen-art] Gen-art review of draft-ietf-sipping-consent-reqs-03.txt (corrected)

Correction (Cut and paste error): This doc is intended for Info not PS.

I was selected as General Area Review Team reviewer for this specification
(for background on Gen-ART, please see
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).

Document: draft-ietf-sipping-consent-reqs-03.txt
Intended Status: Informational
Shepherding AD: Allison Mankin
Proto Shepherd: Rohan Mahy
Review Trigger: IESG Telechat 5 January 2006

Review:
This is a well written and coherent document which makes its arguments
well and provides what seems like a good set of 'positive'
requirements.  However I think there are a number of omissions which
should be considered before it is ready for publication:
- How much knowledge of the network and relay state does a given
user/user agent need to install consents on all relevant relays?
Caveat: I am not a SIP expert so I may have some misunderstandings
here.  As I understand it, a user device will register for a session
with a given relay/proxy that it knows about.  In the context of REQ 6,
how is the device to know that the relevant consents are installed on
this relay as the device might have a choice of relays?
- The document doesn't put any requirements on the transition to the
consent based system.  If I understand correctly the introduction of the
consent based system would effectively reverse the default assumption
from (e.g.) 'INVITE delivered by default' to 'INVITE not delivered by
default'.  Introducing this change will be challenging, both in terms of
how to handle existing users and providing an effective initial
configuration for new users.
- The document doesn't mention the need for strict authorization of
messages setting up or revoking consent permissions which I believe is
essential.  This should probably be in the context of a discussion of
how to avoid the consent mechanism itself becoming the focus of DoS
attacks, and then some requirements stemming from this.  This might also
consider whether these messages *must* originate from the user/user
agent to which the permission applies or whether third parties with
appropriate authorization can provide the permissions.
- In the context of REQ 8 (need for future proofing), I suspect that a
requirement for an 'emergency override' needs to be provided for so that
in future suitably authorized requests could ignore a prior consent denial.
- Some thought needs to be given to requirements on logging of requests
which are rejected as a result of non-consent.  This may be relevant to
legal requirements on interception of communication and it might also be
interesting for users to be able to examine the log of users who tried
to call them but were rejected - this is particularly relevant as the
proposal defaults to rejecting calls for which explicit consent has not
been given.

Minor points:
REQ 5: If a user revokes permission for a user with whom a call is
pending or in progress, should this have the effect of terminating the call?

REQ 6: This should also apply to grants: I think this is saying that all
grant and revoke messages should be idempotent.

REQ 8: '...shall work for all .. future SIP methods': I know what is
meant but this is impossible to guarantee and probably an undesirable
constraint on future developments. How about something like 'should be
designed, so far as is possible, to work with any future SIP methods and
place minimal constraints on such methods.'

Editorial nit:
The term 'screen pop' used twice in s2 is very colloquial.  I would
suggest 'visual alert' instead. How about replacing:
   For INVITE requests, this usually involves
   "ringing the phone", or creating a screen pop.
with
   For INVITE requests, this usually involves
   delivering an audible alert (e.g., "ringing the phone"), or
   a visual alert (e.g., creating a screen pop-up window).

_______________________________________________
Gen-art mailing list
Gen-art@ietf.org
https://www1.ietf.org/mailman/listinfo/gen-art