[secdir] Review of draft-mohali-dispatch-cause-for-service-number-12

Robert Sparks <rjsparks@nostrum.com> Thu, 22 December 2016 19:07 UTC

Return-Path: <rjsparks@nostrum.com>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 8340712947C; Thu, 22 Dec 2016 11:07:40 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Robert Sparks <rjsparks@nostrum.com>
To: secdir@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.40.3
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <148243366051.26035.14431528711060624773.idtracker@ietfa.amsl.com>
Date: Thu, 22 Dec 2016 11:07:40 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/GRlEPl1usP9Lg-S_UfjYPXkq7YE>
Cc: ietf@ietf.org, draft-mohali-dispatch-cause-for-service-number.all@ietf.org
Subject: [secdir] Review of draft-mohali-dispatch-cause-for-service-number-12
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Dec 2016 19:07:40 -0000

Reviewer: Robert Sparks
Review result: Ready

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

Document : draft-mohali-dispatch-cause-for-service-number-12

Summary: Ready for publication as an Informational RFC

This document adds a value to use with the SIP "cause" URI parameter
that means
'This URI is like it is because a service number translation service
produced it'.
Its key value is added when the URI appears in the sequence of URIs in
the
History-Info header field, letting a subsequent service, or
recipient's user agent
(particularly when the recipient is someone in a call center ) know
more about
who the caller was really trying to reach.

This document doesn't change the security landscape for use of the
cause URI
parameter or the History-Info header mechanics. The only information
it adds
for consideration is that a number translation service was used.

The History-Info mechanism (RFC7044) has significant security and
privacy
considerations. This document points strongly to that document, which
points
to the SIP Privacy mechanism (RFC3323). Again, adding this cause
number does
not add new considerations for the use of that mechanism.

There has been a lot of discussion about whether this document should
proceed as Informational, mostly rooted in the IANA registation
policy
for the registry containing the "cause" URI parameter. (This document
asks
to add itself as a reference to that existing registration). The
shepherd's
writeup does a good job of explaining why Informational is
appropriate.