Private Header (P-Header) Extensions to the Session Initiation Protocol (SIP) for the 3GPP
draft-drage-sipping-rfc3455bis-14
Yes
(Richard Barnes)
No Objection
(Adrian Farrel)
(Barry Leiba)
(Brian Haberman)
(Jari Arkko)
(Joel Jaeggli)
(Martin Stiemerling)
(Pete Resnick)
(Stephen Farrell)
Note: This ballot was opened for revision 13 and is now closed.
Richard Barnes Former IESG member
Yes
Yes
(for -13)
Unknown
Adrian Farrel Former IESG member
No Objection
No Objection
(for -13)
Unknown
Alissa Cooper Former IESG member
(was Discuss)
No Objection
No Objection
(2014-04-10 for -13)
Unknown
In side discussion with Richard, we came up with the following text to be added to 4.3: Note that P-Visited-Network information reveals the location of the user, to the level of the coverage area of the visited network. For a national network, for example, P-Visited-Network would reveal that the user is in the country in question. It would be helpful to state the hop-by-hop integrity protection requirement from 6.3 in 4.3.1 as well.
Barry Leiba Former IESG member
No Objection
No Objection
(for -13)
Unknown
Brian Haberman Former IESG member
No Objection
No Objection
(for -13)
Unknown
Jari Arkko Former IESG member
(was Discuss)
No Objection
No Objection
()
Unknown
Joel Jaeggli Former IESG member
No Objection
No Objection
(for -13)
Unknown
Kathleen Moriarty Former IESG member
No Objection
No Objection
(2014-04-07 for -13)
Unknown
Some comments to consider: Section 4.3.2 should cover privacy issues related to the content (DNS names) of the P-Visited-Network-ID header field. Section 4.6: The letter 't' is missing in the second to last paragraph at the end of the word present. When presen only one instance of the header MUST be present in a particular request or response. Section 5.5 and 5.6 cover P-Charging-Function-Addresses header field syntax and P-Charging-Vector header syntax respectively. The section does not include a discussion on fraud and it seems like this would be important? Several of the other sections do include security implications prior to the Security Considerations section. This is a non-blocking comment since trust and integrity are listed as important to prevent modifications, but it would be good to see mention of fraud as the motivation for an attack either in these sections or in the Security Considerations section.
Martin Stiemerling Former IESG member
No Objection
No Objection
(for -13)
Unknown
Pete Resnick Former IESG member
No Objection
No Objection
(for -13)
Unknown
Spencer Dawkins Former IESG member
No Objection
No Objection
(2014-04-08 for -13)
Unknown
In this text: 4.3.2.2. Procedures at the registrar and proxy Note that a received P-Visited-Network-ID from a UA is a failure case and MUST be deleted when the request is forwarded. is "a failure case" the right description?
Stephen Farrell Former IESG member
No Objection
No Objection
(for -13)
Unknown
Ted Lemon Former IESG member
No Objection
No Objection
(2014-04-10 for -13)
Unknown
In 4.1.1: The P-Associated-URI header field is applicable in SIP networks where the SIP provider a set of identities that a user can claim (in header fields like the From header field) in requests that the UA generates. I think you are missing a verb here.