Skip to main content

Framework and Security Considerations for Session Initiation Protocol (SIP) URI-List Services
draft-ietf-sipping-uri-services-07

Yes

(Jon Peterson)

No Objection

(Cullen Jennings)
(Dan Romascanu)
(David Ward)
(Lars Eggert)
(Magnus Westerlund)
(Mark Townsley)
(Pasi Eronen)
(Ron Bonica)
(Ross Callon)
(Tim Polk)

Note: This ballot was opened for revision 07 and is now closed.

Jon Peterson Former IESG member
Yes
Yes () Unknown

                            
Chris Newman Former IESG member
No Objection
No Objection (2008-06-30) Unknown
>   recipients as the ones specified by the client).  To prevent this
>   attack, clients SHOULD integrity protect URI lists using mechanisms
>   such as S/MIME, which can also provide URI-list confidentiality if
>   needed.

Given I've never seen S/MIME deploy outside limited enclaves, I question
if this mitigation will actually deploy on Internet scale.  Can you
suggest an alternative mitigation option that may not be as strong as
S/MIME, but might actually be deployable (e.g., hop-to-hop TLS/DTLS,
leap-of-faith keying similar to SSH, etc)?

I find it both misleading and distasteful to use "SHOULD" when it's
something that's likely to remain unimplemented or rarely deployed.

I do not view this issue as a barrier to proposed status, but it would
be a barrier to future advancement so it might be better to be realistic
now.

>            recipient-list    the body contains a list of URIs

This is unclear and misleading for a "disposition".  A disposition
should describe how the content is used, while the media type should
describe what's in the content.  This should be easy to fix.

I suggest instead
            recipient-list    process as URI list

A more verbose description would be:

The "recipient-list" disposition results in a conversion of the body's
content-type to an abstract list of URIs which are then processed by the
service.
Cullen Jennings Former IESG member
No Objection
No Objection () Unknown

                            
Dan Romascanu Former IESG member
No Objection
No Objection () Unknown

                            
David Ward Former IESG member
No Objection
No Objection () Unknown

                            
Lars Eggert Former IESG member
(was Discuss) No Objection
No Objection () Unknown

                            
Magnus Westerlund Former IESG member
No Objection
No Objection () Unknown

                            
Mark Townsley Former IESG member
No Objection
No Objection () Unknown

                            
Pasi Eronen Former IESG member
No Objection
No Objection () Unknown

                            
Ron Bonica Former IESG member
No Objection
No Objection () Unknown

                            
Ross Callon Former IESG member
No Objection
No Objection () Unknown

                            
Tim Polk Former IESG member
No Objection
No Objection () Unknown