Skip to main content

Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies
draft-ietf-sip-fork-loop-fix-08

Revision differences

Document history

Date Rev. By Action
2018-12-20
08 (System)
Received changes through RFC Editor sync (changed abstract to 'This document normatively updates RFC 3261, the Session Initiation Protocol (SIP), to address a security …
Received changes through RFC Editor sync (changed abstract to 'This document normatively updates RFC 3261, the Session Initiation Protocol (SIP), to address a security vulnerability identified in SIP proxy behavior. This vulnerability enables an attack against SIP networks where a small number of legitimate, even authorized, SIP requests can stimulate massive amounts of proxy-to-proxy traffic.

This document strengthens loop-detection requirements on SIP proxies when they fork requests (that is, forward a request to more than one destination). It also corrects and clarifies the description of the loop-detection algorithm such proxies are required to implement. Additionally, this document defines a Max-Breadth mechanism for limiting the number of concurrent branches pursued for any given request. [STANDARDS-TRACK]')
2017-06-20
Jasmine Magallanes Posted related IPR disclosure: Alcatel Lucent's Statement about IPR related to RFC 5393
2017-06-20
Jasmine Magallanes Posted related IPR disclosure: Alcatel Lucent's Statement about IPR related to RFC 5393
2015-10-14
08 (System) Notify list changed from sip-chairs@ietf.org, RjS@nostrum.com, draft-ietf-sip-fork-loop-fix@ietf.org to (None)
2012-08-22
08 (System) post-migration administrative database adjustment to the No Objection position for Pasi Eronen
2012-08-22
08 (System) post-migration administrative database adjustment to the No Objection position for Tim Polk
2008-12-16
08 Cindy Morgan State Changes to RFC Published from RFC Ed Queue by Cindy Morgan
2008-12-16
08 Cindy Morgan [Note]: 'RFC 5393' added by Cindy Morgan
2008-12-12
08 (System) RFC published
2008-11-25
08 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2008-11-17
08 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2008-11-17
08 (System) IANA Action state changed to In Progress from Waiting on Authors
2008-11-14
08 (System) IANA Action state changed to Waiting on Authors from In Progress
2008-11-07
08 (System) IANA Action state changed to In Progress
2008-11-05
08 Cindy Morgan State Changes to RFC Ed Queue from Approved-announcement sent by Cindy Morgan
2008-11-05
08 Amy Vezza IESG state changed to Approved-announcement sent
2008-11-05
08 Amy Vezza IESG has approved the document
2008-11-05
08 Amy Vezza Closed "Approve" ballot
2008-11-05
08 Amy Vezza State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Amy Vezza
2008-11-05
08 Tim Polk [Ballot Position Update] Position for Tim Polk has been changed to No Objection from Undefined by Tim Polk
2008-11-05
08 Tim Polk [Ballot Position Update] Position for Tim Polk has been changed to Undefined from Discuss by Tim Polk
2008-11-03
08 Pasi Eronen [Ballot Position Update] Position for Pasi Eronen has been changed to No Objection from Discuss by Pasi Eronen
2008-10-29
08 (System) Sub state has been changed to AD Follow up from New Id Needed
2008-10-29
08 (System) New version available: draft-ietf-sip-fork-loop-fix-08.txt
2008-10-24
08 (System) Removed from agenda for telechat - 2008-10-23
2008-10-23
08 Amy Vezza State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation by Amy Vezza
2008-10-23
08 David Ward [Ballot Position Update] New position, No Objection, has been recorded by David Ward
2008-10-23
08 Mark Townsley [Ballot Position Update] New position, No Objection, has been recorded by Mark Townsley
2008-10-23
08 Chris Newman [Ballot Position Update] New position, No Objection, has been recorded by Chris Newman
2008-10-23
08 Dan Romascanu [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu
2008-10-23
08 Jari Arkko [Ballot Position Update] New position, Yes, has been recorded by Jari Arkko
2008-10-23
08 Magnus Westerlund [Ballot Position Update] New position, No Objection, has been recorded by Magnus Westerlund
2008-10-22
08 Ross Callon [Ballot Position Update] New position, No Objection, has been recorded by Ross Callon
2008-10-22
08 Lisa Dusseault [Ballot Position Update] New position, No Objection, has been recorded by Lisa Dusseault
2008-10-22
08 Tim Polk
[Ballot comment]
I was a little confused by the compliance language in section 4.2.1 and 4.2.2 of this
specification.  Specifically:

In 4.2.1, the paragraph beginning …
[Ballot comment]
I was a little confused by the compliance language in section 4.2.1 and 4.2.2 of this
specification.  Specifically:

In 4.2.1, the paragraph beginning with "Proxies required to perform loop-detection ..."
contains the following conformance requirement:

          "Such proxies SHOULD create a branch value separable into two parts ..."

implying that they can perform this loop detection even if they don't generate two part
branch values.

In 4.2.2, the Loop Detection Check is defined based on the presence of the second part.
This implies the statement above needs to be MUST.

I may be missing something, but I would suggest the authors review 4.2.1 and 4.2.2
to ensure that the conformance requirements are consistent.
2008-10-22
08 Tim Polk
[Ballot comment]
I was a little confused by the compliance language in section 4.2.1 and 4.2.2 of this specification.  Specifically:

In 4.2.1, the paragraph beginning …
[Ballot comment]
I was a little confused by the compliance language in section 4.2.1 and 4.2.2 of this specification.  Specifically:

In 4.2.1, the paragraph beginning with "Proxies required to perform loop-detection ..." contains the following conformance requirement:

          "Such proxies SHOULD create a branch value separable into two parts ..."

implying that they can perform this loop detection even if they don't generate two part
branch values.

In 4.2.2, the Loop Detection Check is defined based on the presence of the second part.
This implies the statement above needs to be MUST.

I may be missing something, but I would suggest the authors review 4.2.1 and 4.2.2
to ensure that the conformance requirements are consistent.
2008-10-22
08 Tim Polk
[Ballot discuss]
I would like to note up front that I support publication of this document.  I feel it is
important to publish this specification …
[Ballot discuss]
I would like to note up front that I support publication of this document.  I feel it is
important to publish this specification and achieve the incremental security improvements
it offers. I am not advocating any changes in the WG consensus mechanisms  - e.g., no
changes to bits on the wire - although I hope to see follow-up work in the future.

That said, I believe the document does not adequately document the limitations of the
mechanisms.  Reading this document alone, I would believe that the set of mechanisms
is a complete solution, and that further WG attention is not required.  The conversation
around Charlie Kaufman's secdir review demonstrates that is *not* the case.

In particular, the Security Considerations section is devoted primarily to four rejected
alternatives.  What is really needed here is a description of the security considerations
associated with the wg's consensus solution.  Since overload is still a distinct possibility,
the security considerations section should describe possible mitigation strategies as well.
Charlie suggested several strategies (e.g., checking parallel queries that are pending
flagging detected loops for follow-up) that might be appropriate, I'm sure the authors are
aware of mitigation strategies.
2008-10-22
08 Tim Polk [Ballot Position Update] New position, Discuss, has been recorded by Tim Polk
2008-10-21
08 Ron Bonica [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica
2008-10-21
08 Pasi Eronen
[Ballot discuss]
I have reviewed draft-ietf-sip-fork-loop-fix-07, and there's one
concern I'd like to briefly discuss before recommending approval of
the document:

It seems that …
[Ballot discuss]
I have reviewed draft-ietf-sip-fork-loop-fix-07, and there's one
concern I'd like to briefly discuss before recommending approval of
the document:

It seems that proposed mechanisms don't work very well when SBCs (or
other similar B2BUAs) are present -- does this mean the "doomsday
scenario" described in Section 3 can still occur in deployments that
have SBCs? (which means most real-world deployments, right?)
2008-10-21
08 Pasi Eronen [Ballot Position Update] New position, Discuss, has been recorded by Pasi Eronen
2008-10-19
08 Russ Housley [Ballot Position Update] New position, No Objection, has been recorded by Russ Housley
2008-10-17
08 Cullen Jennings State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Cullen Jennings
2008-10-17
08 Cullen Jennings Placed on agenda for telechat - 2008-10-23 by Cullen Jennings
2008-10-17
08 Cullen Jennings [Ballot Position Update] New position, Yes, has been recorded for Cullen Jennings
2008-10-17
08 Cullen Jennings Ballot has been issued by Cullen Jennings
2008-10-17
08 Cullen Jennings Created "Approve" ballot
2008-09-29
08 Amanda Baber
IANA Last Call comments:

Action 1 (section 6.1):

Upon approval of this document, the IANA will make the following
assignmentsin the "Header Fields" registry at …
IANA Last Call comments:

Action 1 (section 6.1):

Upon approval of this document, the IANA will make the following
assignmentsin the "Header Fields" registry at
http://www.iana.org/assignments/sip-parameters

Header Name compact Reference
----------------- ------- ---------
Max-Breadth [RFC-sip-fork-loop-fix-07]


Action 2 (section 6.2):

Upon approval of this document, the IANA will make the following
assignments in the "Response Codes" registry at
http://www.iana.org/assignments/sip-parameters

Response Code Reference
------------------------------------------ ---------
TBD [440] Max-Breadth Exceeded [RFC-sip-fork-loop-fix-07]
2008-09-29
08 (System) State has been changed to Waiting for AD Go-Ahead from In Last Call by system
2008-09-15
08 Cindy Morgan Last call sent
2008-09-15
08 Cindy Morgan State Changes to In Last Call from Last Call Requested by Cindy Morgan
2008-09-15
08 Cullen Jennings State Change Notice email list have been change to sip-chairs@tools.ietf.org, RjS@nostrum.com, draft-ietf-sip-fork-loop-fix@tools.ietf.org from sip-chairs@tools.ietf.org, RjS@nostrum.com
2008-09-15
08 Cullen Jennings Last Call was requested by Cullen Jennings
2008-09-15
08 Cullen Jennings State Changes to Last Call Requested from AD Evaluation by Cullen Jennings
2008-09-15
08 Cullen Jennings State Changes to AD Evaluation from Publication Requested by Cullen Jennings
2008-07-08
08 Cindy Morgan State Changes to Publication Requested from AD is watching by Cindy Morgan
2008-07-08
08 Cindy Morgan
PROTO writeup for http://www.ietf.org/internet-drafts/draft-ietf-sip-fork-
loop-fix-07.txt: " Addressing an Amplification Vulnerability in
Session Initiation Protocol (SIP) Forking Proxies"

  (1.a)  Who is the Document Shepherd for …
PROTO writeup for http://www.ietf.org/internet-drafts/draft-ietf-sip-fork-
loop-fix-07.txt: " Addressing an Amplification Vulnerability in
Session Initiation Protocol (SIP) Forking Proxies"

  (1.a)  Who is the Document Shepherd for this document?  Has the
          Document Shepherd personally reviewed this version of the
          document and, in particular, does he or she believe this
          version is ready for forwarding to the IESG for publication?

Keith Drage

The document has been reviewed and is ready for forwarding to IESG for
publication as a proposed standard.

  (1.b)  Has the document had adequate review both from key WG members
          and from key non-WG members?  Does the Document Shepherd have
          any concerns about the depth or breadth of the reviews that
          have been performed?

Document history:
* draft-lawrence-maxforward-problems-00 was submitted 16th October 2005
and expired 19th April 2006.
* draft-ietf-sip-fork-loop-fix-00 was submitted 1st March 2006 and
expired on 1st September 2006.
* draft-ietf-sip-fork-loop-fix-01 was submitted 4th April 2006 and
expired on 4th October 2006.
* draft-ietf-sip-fork-loop-fix-02 was submitted 27th June 2006 and
expired on 27th December 2006.
* draft-ietf-sip-fork-loop-fix-03 was submitted 7th September 2006 and
expired on 7th March 2007.
* draft-ietf-sip-fork-loop-fix-04 was submitted 21st October 2006 and
expired on 24th April 2007.
* draft-ietf-sip-fork-loop-fix-05 was submitted 7th March 2007 and
expired on 8th September 2007.
* draft-ietf-sip-fork-loop-fix-06 was submitted on 3rd November 2007 and
expired on 6th May 2008.
* draft-ietf-sip-fork-loop-fix-07 was submitted on 3rd July 2008 and
expires on 4th January 2009.

WGLC was initiated in the SIP WG on draft-ietf-sip-fork-loop-fix-01 on
10th April 2006 with comments requested by 7th May 2006.

Review was made and comments were received from: Christer Holmberg, Jonathan
Rosenberg, Vijay Gurbani, Cullen Jennings, Jeroen van Bemmel, Ravishankar
Shiroor, Dale Worley, Scott Lawrence, Samir Srivastava, Peter Cordell,
Thomas Froment, Juha Heinanen, Thomas Leseney, David Benoit, Kasturi
Narayanan, Atul Kumar Jha, Theo Zourzouvillys, Paul Kyzivat, Dean Willis,
Michael Thomas, Eric Rescorla.

Key discussion issues have been:

* Selection of a hash algorithm to be used. Section 4.2.3 of the
document indicates the results of the discussion in this area.
* Identification of a more optimal loop detection algorithm (see draft-
campen-sipping-stack-loop-detect-00) which was not proceeded with, as
it could not be shown to provide significant improvements for a
standards track solution.

Some elements of the original proposal were split out in draft-sparks-
sipping-max-breadth-00 and draft-campen-sipping-stack-loop-detect-00. There
was also further input in draft-srivastava-sipping-loop-avoidance-00. These
documents have not been proceeded with.

The -05 version of the document was submitted to IESG on 2nd April 2007, and
was returned from IESG on 13th December 2007. SecDir review of the -05
version submitted for publication uncovered a variation of the attack
described in this document that was not reasonably mitigated with loop-
detection alone. The document went back to the working group and the max-
breadth mechanism (draft-sparks-sipping-max-breadth-01), which was already
being discussed separately, was added to this document to address the
identified risk.

WGLC was initiated in the SIP WG on draft-ietf-sip-fork-loop-fix-06 on 7th
December 2007 with comments requested by 21st December 2007.

There was only one response to this WGLC and this was a late response from
Jan Kolomaznik.


  (1.c)  Does the Document Shepherd have concerns that the document
          needs more review from a particular or broader perspective,
          e.g., security, operational complexity, someone familiar with
          AAA, internationalization or XML?

The document defines mechanisms that are entirely internal to the Session
Initiation Protocol (SIP). The document shepherd considers that no external
review from an external specialist is necessary.

  (1.d)  Does the Document Shepherd have any specific concerns or
          issues with this document that the Responsible Area Director
          and/or the IESG should be aware of?  For example, perhaps he
          or she is uncomfortable with certain parts of the document, or
          has concerns whether there really is a need for it.  In any
          event, if the WG has discussed those issues and has indicated
          that it still wishes to advance the document, detail those
          concerns here.

The document provides a correction to the existing SIP protocol defined in
RFC 3261. The problem has been identified as part of the SIPit
interoperability testing. The document shepherd has no concerns with the
document.

  (1.e)  How solid is the WG consensus behind this document?  Does it
          represent the strong concurrence of a few individuals, with
          others being silent, or does the WG as a whole understand and
          agree with it?

The proposal has had wide discussion in all aspects in the WG and key be
represented as having consensus amongst all key individuals.

  (1.f)  Has anyone threatened an appeal or otherwise indicated extreme
          discontent?  If so, please summarise the areas of conflict in
          separate email messages to the Responsible Area Director.  (It
          should be in a separate email because this questionnaire is
          entered into the ID Tracker.)

None indicated.

  (1.g)  Has the Document Shepherd personally verified that the
          document satisfies all ID nits?  (See
          http://www.ietf.org/ID-Checklist.html and
          http://tools.ietf.org/tools/idnits/).  Boilerplate checks are
          not enough; this check needs to be thorough.  Has the document
          met all formal review criteria it needs to, such as the MIB
          Doctor, media type and URI type reviews?

Normally SIP documents should conform to RFC 4485. However as this document
identifies a correction to RFC 3261, it does not need to follow those
guidelines, but merely has to state the changed to RFC 3261.

There are no conformance issues with RFC 3427.

For ID-NITS the checks against idnits 2.08.10 report no NITS found.

  (1.h)  Has the document split its references into normative and
          informative?  Are there normative references to documents that
          are not ready for advancement or are otherwise in an unclear
          state?  If such normative references exist, what is the
          strategy for their completion?  Are there normative references
          that are downward references, as described in [RFC3967]?  If
          so, list these downward references to support the Area
          Director in the Last Call procedure for them [RFC3967].

The document has appropriately split its references into normative and
informative references. All the normative references are now published
standards track RFCs.

There is one informative reference (draft-ietf-sip-outbound) that is not yet
published.

  (1.i)  Has the Document Shepherd verified that the document IANA
          consideration section exists and is consistent with the body
          of the document?  If the document specifies protocol
          extensions, are reservations requested in appropriate IANA
          registries?  Are the IANA registries clearly identified?  If
          the document creates a new registry, does it define the
          proposed initial contents of the registry and an allocation
          procedure for future registrations?  Does it suggested a
          reasonable name for the new registry?  See
          [I-D.narten-iana-considerations-rfc2434bis].  If the document
          describes an Expert Review process has Shepherd conferred with
          the Responsible Area Director so that the IESG can appoint the
          needed Expert during the IESG Evaluation?

The document defines one new header field, and one new response code. The
process for adding these is defined in RFC 3427 and those requirements have
been completed with. The IANA registrations have been verified to be in
conformance with the existing IANA registries.

  (1.j)  Has the Document Shepherd verified that sections of the
          document that are written in a formal language, such as XML
          code, BNF rules, MIB definitions, etc., validate correctly in
          an automated checker?

The document defines a Max-Breadth header field, defined using ABNF. This is
trivial and has been verified to be correct by inspection only.

  (1.k)  The IESG approval announcement includes a Document
          Announcement Write-Up.  Please provide such a Document
          Announcement Writeup?  Recent examples can be found in the
          "Action" announcements for approved documents.  The approval
          announcement contains the following sections:

Technical Summary

This document normatively updates RFC 3261, the Session Initiation Protocol
(SIP), to address a security vulnerability identified in SIP proxy behavior. 
This vulnerability enables an attack against SIP networks where a small
number of legitimate, even authorized, SIP requests can stimulate massive
amounts of proxy-to-proxy traffic.

This document strengthens loop-detection requirements on SIP proxies when
they fork requests (that is, forward a request to more than one destination). 
It also corrects and clarifies the description of the loop-detection
algorithm such proxies are required to implement. Additionally, this
document defines a Max-Breadth mechanism for limiting the number of
concurrent branches pursued for any given request.

Working Group Summary

The document was produced by the SIP working group. There is consensus in
the WG to publish this document.

Document Quality

The document has been produced as a result of an issue identified during
SIPit interoperability testing.

Personnel

Keith Drage is the document shepherd for this document. Cullen Jennings is
the responsible Area Director. The IANA Expert(s) for the registries in this
document are .
2008-07-03
07 (System) New version available: draft-ietf-sip-fork-loop-fix-07.txt
2008-05-06
08 Cindy Morgan State Changes to AD is watching from Dead by Cindy Morgan
2008-05-06
08 (System) This document has been resurrected.
2008-05-06
08 (System) Document has expired
2008-05-06
08 (System) State Changes to Dead from AD is watching by system
2007-12-13
08 Cullen Jennings State Changes to AD is watching from Waiting for AD Go-Ahead::AD Followup by Cullen Jennings
2007-12-13
08 Cullen Jennings [Note]: 'Keith Drage is the PROTO shepherd' added by Cullen Jennings
2007-12-06
08 (System) Sub state has been changed to AD Follow up from New Id Needed
2007-12-06
06 (System) New version available: draft-ietf-sip-fork-loop-fix-06.txt
2007-10-05
08 Cullen Jennings [Note]: 'This draft may go back to the WG
Keith Drage is the PROTO shepherd' added by Cullen Jennings
2007-10-05
08 Cullen Jennings Status date has been changed to 2008-01-01 from 2007-07-17
2007-07-05
08 Cullen Jennings State Changes to Waiting for AD Go-Ahead::Revised ID Needed from Waiting for AD Go-Ahead by Cullen Jennings
2007-07-02
08 Cullen Jennings Sent email to SIP WG list. Will wait to hear back from WG.
2007-07-02
08 Cullen Jennings Status date has been changed to 2007-07-17 from
2007-05-14
08 (System) State has been changed to Waiting for AD Go-Ahead from In Last Call by system
2007-05-11
08 Samuel Weiler Request for Last Call review by SECDIR Completed. Reviewer: Charlie Kaufman.
2007-05-07
08 Yoshiko Fong IANA Last Call Comments:

As described in the IANA Considerations section, we understand
this document to have NO IANA Actions.
2007-05-03
08 Samuel Weiler Request for Last Call review by SECDIR is assigned to Charlie Kaufman
2007-05-03
08 Samuel Weiler Request for Last Call review by SECDIR is assigned to Charlie Kaufman
2007-04-30
08 Amy Vezza State Changes to In Last Call from Last Call Requested by Amy Vezza
2007-04-29
08 Cullen Jennings State Changes to Last Call Requested from AD Evaluation by Cullen Jennings
2007-04-29
08 Cullen Jennings Last Call was requested by Cullen Jennings
2007-04-29
08 (System) Ballot writeup text was added
2007-04-29
08 (System) Last call text was added
2007-04-29
08 (System) Ballot approval text was added
2007-04-27
08 Cullen Jennings [Note]: 'Keith Drage is the PROTO shepherd' added by Cullen Jennings
2007-04-27
08 Cullen Jennings State Change Notice email list have been change to sip-chairs@tools.ietf.org, RjS@nostrum.com from sip-chairs@tools.ietf.org
2007-04-27
08 Cullen Jennings State Changes to AD Evaluation from Publication Requested by Cullen Jennings
2007-04-02
08 Dinara Suleymanova
PROTO Write-up

(1.a) Who is the Document Shepherd for this document? Has the
Document Shepherd personally reviewed this version of the
document and, in particular, …
PROTO Write-up

(1.a) Who is the Document Shepherd for this document? Has the
Document Shepherd personally reviewed this version of the
document and, in particular, does he or she believe this
version is ready for forwarding to the IESG for publication?

Keith Drage

The document has been reviewed and is ready for forwarding to IESG for
publication as a proposed standard.

(1.b) Has the document had adequate review both from key WG members
and from key non-WG members? Does the Document Shepherd have
any concerns about the depth or breadth of the reviews that
have been performed?

Document history:
* draft-lawrence-maxforward-problems-00 was submitted 16th October 2005
and expired 19th April 2006.
* draft-ietf-sip-fork-loop-fix-00 was submitted 1st March 2006 and
expired on 1st September 2006.
* draft-ietf-sip-fork-loop-fix-01 was submitted 4th April 2006 and
expired on 4th October 2006.
* draft-ietf-sip-fork-loop-fix-02 was submitted 27th June 2006 and
expired on 27th December 2006.
* draft-ietf-sip-fork-loop-fix-03 was submitted 7th September 2006 and
expired on 7th March 2007.
* draft-ietf-sip-fork-loop-fix-04 was submitted 21st October 2006 and
will expire on 24th April 2007.
* draft-ietf-sip-fork-loop-fix-05 was submitted 7th March 2007 and will
expire on 8th September 2007.

WGLC was initiated in the SIP WG on draft-ietf-sip-fork-loop-fix-01 on
10th April 2006 with comments requested by 7th May 2006.

Review was made and comments were received from: Christer Holmberg, Jonathan
Rosenberg, Vijay Gurbani, Cullen Jennings, Jeroen van Bemmel, Ravishankar
Shiroor, Dale Worley, Scott Lawrence, Samir Srivastava, Peter Cordell,
Thomas Froment, Juha Heinanen, Thomas Leseney, David Benoit, Kasturi
Narayanan, Atul Kumar Jha, Theo Zourzouvillys, Paul Kyzivat, Dean Willis,
Michael Thomas, Eric Rescorla.

Key discussion issues have been:

* Selection of a hash algorithm to be used. Section 4.2.3 of the
document indicates the results of the discussion in this area.
* Identification of a more optimal loop detection algorithm (see draft-
campen-sipping-stack-loop-detect-00) which was not proceeded with, as
it could not be shown to provide significant improvements for a
standards track solution.

Some elements of the original proposal were split out in draft-sparks-
sipping-max-breadth-00 and draft-campen-sipping-stack-loop-detect-00. There
was also further input in draft-srivastava-sipping-loop-avoidance-00. These
documents have not been proceeded with.

(1.c) Does the Document Shepherd have concerns that the document
needs more review from a particular or broader perspective,
e.g., security, operational complexity, someone familiar with
AAA, internationalization or XML?

The document defines mechanisms that are entirely internal to the Session
Initiation Protocol (SIP). The document shepherd considers that no external
review from an external specialist is necessary.

(1.d) Does the Document Shepherd have any specific concerns or
issues with this document that the Responsible Area Director
and/or the IESG should be aware of? For example, perhaps he
or she is uncomfortable with certain parts of the document, or
has concerns whether there really is a need for it. In any
event, if the WG has discussed those issues and has indicated
that it still wishes to advance the document, detail those
concerns here.

The document provides a correction to the existing SIP protocol defined in
RFC 3261. The problem has been identified as part of the SIPit
interoperability testing. The document shepherd has no concerns with the
document.

(1.e) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with
others being silent, or does the WG as a whole understand and
agree with it?

The proposal has had wide discussion in all aspects in the WG and key be
represented as having consensus amongst all key individuals.

(1.f) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in
separate email messages to the Responsible Area Director. (It
should be in a separate email because this questionnaire is
entered into the ID Tracker.)

None indicated.

(1.g) Has the Document Shepherd personally verified that the
document satisfies all ID nits? (See
http://www.ietf.org/ID-Checklist.html and
http://tools.ietf.org/tools/idnits/). Boilerplate checks are
not enough; this check needs to be thorough. Has the document
met all formal review criteria it needs to, such as the MIB
Doctor, media type and URI type reviews?

Normally SIP documents should conform to RFC 4485. However as this document
identifies a correction to RFC 3261, it does not need to follow those
guidelines, but merely has to state the changed to RFC 3261.

There are no conformance issues with RFC 3427.

For ID-NITS the checks against idnits 2.03.16 report no NITS found.

(1.h) Has the document split its references into normative and
informative? Are there normative references to documents that
are not ready for advancement or are otherwise in an unclear
state? If such normative references exist, what is the
strategy for their completion? Are there normative references
that are downward references, as described in [RFC3967]? If
so, list these downward references to support the Area
Director in the Last Call procedure for them [RFC3967].

The document has appropriately split its references into normative and
informative references. All the normative references are now published
standards track RFCs.

There is one informative reference (draft-ietf-sip-outbound) that is not yet
published.

(1.i) Has the Document Shepherd verified that the document IANA
consideration section exists and is consistent with the body
of the document? If the document specifies protocol
extensions, are reservations requested in appropriate IANA
registries? Are the IANA registries clearly identified? If
the document creates a new registry, does it define the
proposed initial contents of the registry and an allocation
procedure for future registrations? Does it suggested a
reasonable name for the new registry? See
[I-D.narten-iana-considerations-rfc2434bis]. If the document
describes an Expert Review process has Shepherd conferred with
the Responsible Area Director so that the IESG can appoint the
needed Expert during the IESG Evaluation?

There are no IANA considerations for this document, and none are needed.

(1.j) Has the Document Shepherd verified that sections of the
document that are written in a formal language, such as XML
code, BNF rules, MIB definitions, etc., validate correctly in
an automated checker?

The document contains no entries written in formal language.

(1.k) The IESG approval announcement includes a Document
Announcement Write-Up. Please provide such a Document
Announcement Writeup? Recent examples can be found in the
"Action" announcements for approved documents. The approval
announcement contains the following sections:

Technical Summary

This document normatively updates RFC 3261, the Session Initiation Protocol
(SIP), to address a security vulnerability identified in SIP proxy behavior.
This vulnerability enables an attack against SIP networks where a small
number of legitimate, even authorized, SIP requests can stimulate massive
amounts of proxy-to-proxy traffic.

This document strengthens loop-detection requirements on SIP proxies when
they fork requests (that is, forward a request to more than one destination).
It also corrects and clarifies the description of the loop-detection
algorithm such proxies are required to implement.

Working Group Summary

The document was produced by the SIP working group. There is consensus in
the WG to publish this document.

Document Quality

The document has been produced as a result of an issue identified during
SIPit interoperability testing.

Personnel

Keith Drage is the document shepherd for this document. Cullen Jennings is
the responsible Area Director.
2007-04-02
08 Dinara Suleymanova Draft Added by Dinara Suleymanova in state Publication Requested
2007-03-28
05 (System) New version available: draft-ietf-sip-fork-loop-fix-05.txt
2006-10-23
04 (System) New version available: draft-ietf-sip-fork-loop-fix-04.txt
2006-09-07
03 (System) New version available: draft-ietf-sip-fork-loop-fix-03.txt
2006-06-27
02 (System) New version available: draft-ietf-sip-fork-loop-fix-02.txt
2006-04-04
01 (System) New version available: draft-ietf-sip-fork-loop-fix-01.txt
2006-03-01
00 (System) New version available: draft-ietf-sip-fork-loop-fix-00.txt