Gen-ART Telechat Review of draft-ietf-cuss-sip-uui-reqs-07

Ben Campbell <ben@nostrum.com> Tue, 01 November 2011 19:01 UTC

To: draft-ietf-cuss-sip-uui-reqs.all@tools.ietf.org
Cc: "gen-art@ietf.org Review Team" <gen-art@ietf.org>, The IETF <ietf@ietf.org>

I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
<http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please wait for direction from your document shepherd
or AD before posting a new version of the draft.

Document: draft-ietf-cuss-sip-uui-reqs-07
Reviewer: Ben Campbell
Review Date: 2011-01-01
IESG Telechat date: 2011-01-03

Summary:

This version is basically ready for publication as an informational RFC. Alan responded to two of my comments with perfectly reasonable explanations (see quoted text below.) In both cases, I think the requirements would be more clear if the clarifications were included in the draft text:


>> 
>> 
>> -- REQ-12: 
>> 
>> What degree of certainty is required here? (i.e. strong identity?) If implied by the SIP dialog, does that impact expectations on what sort of authn must happen at the SIP layer?
> 
> This is not meant to imply strong identity.  And since UUI data can appear in a response, there aren't really any strong methods available with SIP.   The UUI mechanism does not introduce stronger authorization requirements for SIP, but instead the mechanism needs to be able to utilize existing SIP approaches.
> 
>> 
>> -- REQ 13:
>> 
>> I'm not sure I understand how this interacts with the ability for intermediaries to remove UUI. Should this be detectable by the endpoints? Or is that ability limited to the hop-by-hop case, or require no integrity protection?
> 
> Yes, there are tradeoffs between this requirement and requirement REQ-9.  Hop-by-hop protection is one way to resolve this interaction.