Multiple-Recipient MESSAGE Requests in the Session Initiation Protocol (SIP)
draft-ietf-sip-uri-list-message-03

[Ballot comment]
COMMENTS

1. Page 10, grammar nit:  please fix the sentence that reads

  Failing to copy the From header field of the sender would
  prevent the recipient to get a hint of the sender's identity.

Along with the grammar fix, I'd like a stronger term than "hint".  How about

  Failure to copy the From header field of the sender results
  in unacceptable security and privacy failures.

Still vague but maybe there's something better.

2. The requirement related to CSeq should reference RFC3261?

3. The VIA header field that the URI-list service adds should distinguish what it did from pure forwarding.  Is there room in SIP Via headers to indicate the function that was performed?

[Ballot discuss]
DISCUSS:

If I follow the design correctly:
- the URI-List is one part of the multipart body of the MESSAGE
- the contents to be forwarded are other parts of the multipart body
- the Content-Disposition value of 'recipient-list' triggers the URI-List service to do fanout

Because of this design, if an attacker sends me a message with an unused 'recipient-list' body part, and convinces me to reply to the message or to forward (e.g. to an admin or to report spam) then *my* URI-List service will do fanout on my behalf even though I didn't intend.

Is there some protection from this attack that I've missed?

A less important issue is that in example figure 3, the Via header that was originally on the message was removed.  If that is the correct behavior, it needs to be better highlighted in the text.  Otherwise, I would think that the correct behavior is to add the URI-List service's VIA header without removing VIA headers already there.

IANA Last Call comments:

Upon approval of this document, the IANA will make the following
assignments in the "Session Initiation Protocol (SIP) Parameters"
registry located at
http://www.iana.org/assignments/sip-parameters
sub-registry "Option Tags"

Name Description Reference
------------------------ ------------------------------ -----------
recipient-list-message The body contains a list of
[RFC-sip-uri-list-message-02]
URIs that indicates the
recipients of the SIP
MESSAGE request

We understand the above to be the only IANA Action for this
document.

PROTO Write-up

(1.b) Has the document had adequate review both from key WG members
and from key non-WG members? Does the Document Shepherd have
any concerns about the depth or breadth of the reviews that
have been performed?

Document history:
* draft-camarillo-sipping-exploders-solution-00 was submitted November
22nd 2003 and expired May 22nd 2004.
* draft-camarillo-sipping-exploders-00 was submitted September 9th 2003
and expired March 9th 2004.
* draft-camarillo-sipping-exploders-02 was submitted February 6th 2004
and expired August 6th 2004.
* draft-camarillo-sipping-exploders-03 was submitted February 2004 and
expired August 1st 2004.
* draft-camarillo-sipping-uri-list-01 was submitted 6th February 2004
and expired 6th August 2004.
* draft-camarillo-uri-list-02 was submitted 27th March 2004 and expired
25th September 2004.
* draft-ietf-sipping-uri-list-00 was submitted 30th May 2004 and expired
30th November 2004.
* draft-ietf-sipping-uri-list-message-00 was submitted 7th July 2004 and
expired 5th January 2005.
* draft-ietf-sipping-uri-list-message-01 was submitted 14th October 2004
and expired 14th April 2005.
* draft-ietf-sipping-uri-list-message-02 was submitted 2nd December 2004
and expired 2nd June 2005.
* draft-ietf-sipping-uri-list-message-03 was submitted 15th April 2005
and expired 15th October 2005.
* draft-ietf-sipping-uri-list-message-04 was submitted 24th October 2005
and expired 24th April 2006.
* draft-ietf-sipping-uri-list-message-05 was submitted 18th January 2006
and expired 18th July 2006.
* draft-ietf-sipping-uri-list-message-06 was submitted 31st January 2006
and expired 30th July 2006.
* draft-ietf-sipping-uri-list-message-07 was submitted 27th February
2006 and expired 27th August 2006.
* draft-ietf-sipping-uri-list-message-08 was submitted 5th September
2006 and expired 5th March 2007.
* draft-ietf-sip-uri-list-message-00 was submitted 24th September 2006
and expires 24th March 2007.
* draft-ietf-sip-uri-list-message-01 was submitted 8th January 2007 and
expires 8th July 2007.

WGLC was initiated in the SIPPING WG on draft-ietf-sipping-uri-list-message-
02 on 12th January 2005 with comments requested by 12th February 2005.

Review was made and no comments were received. During the course of the work
comments have also been made by: Paul Kyzivat, Dean Willis, Jari Urpalainen.

draft-ietf-sipping-uri-list-message-07 was extended to refer to draft-ietf-
sipping-capacity-attribute.

The document was moved from the SIPPING WG to the SIP WG in conformance with
RFC 3427 because it defines an option tag (this was added at a late stage in
the review process). The document was regarded by the SIPPING WG chairs as
being adequately reviewed and no further review took place in the SIP WG.
The SIP mailing list was polled on this status and no complaint was made.

(1.c) Does the Document Shepherd have concerns that the document
needs more review from a particular or broader perspective,
e.g., security, operational complexity, someone familiar with
AAA, internationalization or XML?

The document defines mechanisms that are entirely internal to the Session
Initiation Protocol (SIP). The document shepherd considers that no external
review from an external specialist is necessary.

(1.d) Does the Document Shepherd have any specific concerns or
issues with this document that the Responsible Area Director
and/or the IESG should be aware of? For example, perhaps he
or she is uncomfortable with certain parts of the document, or
has concerns whether there really is a need for it. In any
event, if the WG has discussed those issues and has indicated
that it still wishes to advance the document, detail those
concerns here.

The document defines a new SIP protocol extension for a particular purpose
in a form that has been used for many other extensions. The document
shepherd has no concerns with the document.

(1.e) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with
others being silent, or does the WG as a whole understand and
agree with it?

There is a strong requirement from OMA for a SIP solution in this area. The
document also forms part of 3GPP Release 6 content.

(1.f) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in
separate email messages to the Responsible Area Director. (It
should be in a separate email because this questionnaire is
entered into the ID Tracker.)

None indicated.

(1.g) Has the Document Shepherd personally verified that the
document satisfies all ID nits? (See
http://www.ietf.org/ID-Checklist.html and
http://tools.ietf.org/tools/idnits/). Boilerplate checks are
not enough; this check needs to be thorough. Has the document
met all formal review criteria it needs to, such as the MIB
Doctor, media type and URI type reviews?

The document has been reviewed against the guidelines in RFC 4485 and it is
believed that the document is conformant with those guidelines.

While the document defines a new SIP option tag, these have been performed
as a SIP working group item, and therefore this draft is in conformance with
RFC 3427.

For ID-NITS the document has been checked against idnits 1.123 and no issues
have been found.

(1.h) Has the document split its references into normative and
informative? Are there normative references to documents that
are not ready for advancement or are otherwise in an unclear
state? If such normative references exist, what is the
strategy for their completion? Are there normative references
that are downward references, as described in [RFC3967]? If
so, list these downward references to support the Area
Director in the Last Call procedure for them [RFC3967].

The document has split its references into normative and informative
references. All the normative references are now published RFCs except as
follows:
* reference [10] draft-ietf-simple-xcap-list-usage-05 is in IESG review
as proposed standard.
* reference [11] draft-ietf-sipping-uri-services-06 has been submitted
to the IESG by the SIPPING group as proposed standard.
* reference [12] draft-ietf-sipping-capacity-attribute-03 is currently
in WGLC in the SIPPING group.

It should be noted that reference [7] is a normative reference despite being
an informational RFC. It is believed that this meets the criteria of RFC
3967.

The document needs no informative references.

(1.i) Has the Document Shepherd verified that the document IANA
consideration section exists and is consistent with the body
of the document? If the document specifies protocol
extensions, are reservations requested in appropriate IANA
registries? Are the IANA registries clearly identified? If
the document creates a new registry, does it define the
proposed initial contents of the registry and an allocation
procedure for future registrations? Does it suggested a
reasonable name for the new registry? See
[I-D.narten-iana-considerations-rfc2434bis]. If the document
describes an Expert Review process has Shepherd conferred with
the Responsible Area Director so that the IESG can appoint the
needed Expert during the IESG Evaluation?

Section 11 of the document registers a new option-tag; the new option-tag is
defined elsewhere in the document. This registration is consistent with RFC
3968 which defines the registry and is also consistent with the current
format of the registry.

(1.j) Has the Document Shepherd verified that sections of the
document that are written in a formal language, such as XML
code, BNF rules, MIB definitions, etc., validate correctly in
an automated checker?

The document contains no entries written in formal language. While the
document makes use of XML within a SIP message body, that XML is defined by
other documents (RFC 4488, draft-ietf-simple-xcap-list-usage-05), and used
in this specification by reference. Figure 2, and figure 3 contain an
example of this XML usage which is apparently well-formed.

(1.k) The IESG approval announcement includes a Document
Announcement Write-Up. Please provide such a Document
Announcement Writeup? Recent examples can be found in the
"Action" announcements for approved documents. The approval
announcement contains the following sections:

Technical Summary

This document specifies a mechanism that allows a SIP User Agent Client (UAC)
to request a SIP URI-list (Uniform Resource Identifier list) service to send
a SIP MESSAGE request to a set of destinations. The client sends a SIP
MESSAGE request that includes the payload along with the URI-list to the
MESSAGE URI-list service, which sends a similar MESSAGE request to each of
the URIs included in the list.

Working Group Summary

The document was originally produced by the SIPPING working group, but was
transferred to the SIP working group due to the need to define a new option
tag, in conformance with RFC 3427. There is consensus in the WG to publish
this document.

Document Quality

There is a strong requirement from OMA and 3GPP for a SIP solution in this
area.

Personnel

Keith Drage is the document shepherd for this document. Cullen Jennings is
the responsible Area Director.