[Insipid] Alissa Cooper's Yes on draft-ietf-insipid-session-id-27: (with COMMENT)

"Alissa Cooper" <alissa@cooperw.in> Thu, 18 August 2016 19:25 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Alissa Cooper <alissa@cooperw.in>
To: The IESG <iesg@ietf.org>
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147154835520.27727.4524748336045285692.idtracker@ietfa.amsl.com>
Date: Thu, 18 Aug 2016 12:25:55 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/insipid/oFiBf0TAdnl48J61cdz0jjdm8lI>
Cc: insipid@ietf.org, insipid-chairs@ietf.org, draft-ietf-insipid-session-id@ietf.org, christer.holmberg@ericsson.com
Subject: [Insipid] Alissa Cooper's Yes on draft-ietf-insipid-session-id-27: (with COMMENT)

Alissa Cooper has entered the following ballot position for
draft-ietf-insipid-session-id-27: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-insipid-session-id/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thanks for addressing my DISCUSS, leaving my comments below for
posterity.

== General ==

I do not think RFC 7206 needs to be a normative reference, but I'm also
fine with the downref.

== Section 6 ==

"It should be noted that messages received by an endpoint might
   contain a "local-uuid" value that does not match what the endpoint
   expected its peer's UUID to be.  It is also possible for an endpoint
   to receive a "remote-uuid" value that does not match its generated
   UUID for the session.  Either might happen as a result of service
   interactions by intermediaries and MUST NOT affect the communication
   session."

The MUST NOT at the end there is vague and also seems a bit contradictory
to the statement in Section 4.2 that "How a device acting on Session
Identifiers processes or utilizes the Session Identifier is outside the
scope of this document." Could you clarify what the intent of the last
sentence is, and how it squares with the idea that actions taken (or not
taken) based on session identifiers are not being specified here?

== Section 7 ==

"The Session-ID header field value included in a CANCEL request MUST
   be identical to the Session-ID header field value included in the
   corresponding request."

Does "corresponding request" mean original request, as in Section 6? I
think it would be clearer if the text said "original INVITE request" both
here and in Section 6.

== Section 11 ==

'altering the nil "remote-uuid"' seems like it could be phrased less
awkwardly.

"Standard implementations SHOULD NOT expect pre-standard implementations
to be consistent in their implementation" -- I don't think this needs
normative language.

== Section 12 ==

I think the note about billing purposes is outside the scope of the
document and should be removed. Or if not, it needs further motivation --
if someone wanted to bill based on the number of sessions a UA initiated,
why would using the session identifier be an inappropriate way of
counting those?

[Insipid] Alissa Cooper's Yes on draft-ietf-insip… Alissa Cooper