Skip to main content

Framework and Security Considerations for Session Initiation Protocol (SIP) URI-List Services
draft-ietf-sipping-uri-services-07

Revision differences

Document history

Date Rev. By Action
2012-08-22
07 (System) post-migration administrative database adjustment to the No Objection position for Lars Eggert
2008-07-24
07 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2008-07-23
07 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2008-07-23
07 (System) IANA Action state changed to In Progress from Waiting on Authors
2008-07-16
07 Amy Vezza State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza
2008-07-15
07 (System) IANA Action state changed to Waiting on Authors from In Progress
2008-07-15
07 (System) IANA Action state changed to In Progress
2008-07-15
07 Cindy Morgan IESG state changed to Approved-announcement sent
2008-07-15
07 Cindy Morgan IESG has approved the document
2008-07-15
07 Cindy Morgan Closed "Approve" ballot
2008-07-15
07 Cindy Morgan State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Cindy Morgan
2008-07-14
07 Lars Eggert [Ballot Position Update] Position for Lars Eggert has been changed to No Objection from Discuss by Lars Eggert
2008-07-04
07 (System) Removed from agenda for telechat - 2008-07-03
2008-07-03
07 Cindy Morgan State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Cindy Morgan
2008-07-03
07 David Ward [Ballot Position Update] New position, No Objection, has been recorded by David Ward
2008-07-03
07 Mark Townsley [Ballot Position Update] New position, No Objection, has been recorded by Mark Townsley
2008-07-03
07 Tim Polk [Ballot Position Update] New position, No Objection, has been recorded by Tim Polk
2008-07-03
07 Dan Romascanu [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu
2008-07-03
07 Magnus Westerlund [Ballot Position Update] New position, No Objection, has been recorded by Magnus Westerlund
2008-07-02
07 Pasi Eronen [Ballot Position Update] New position, No Objection, has been recorded by Pasi Eronen
2008-07-02
07 Ross Callon [Ballot Position Update] New position, No Objection, has been recorded by Ross Callon
2008-07-02
07 Ron Bonica [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica
2008-06-30
07 Chris Newman
[Ballot comment]
>  recipients as the ones specified by the client).  To prevent this
>  attack, clients SHOULD integrity protect URI lists using mechanisms
>  …
[Ballot comment]
>  recipients as the ones specified by the client).  To prevent this
>  attack, clients SHOULD integrity protect URI lists using mechanisms
>  such as S/MIME, which can also provide URI-list confidentiality if
>  needed.

Given I've never seen S/MIME deploy outside limited enclaves, I question
if this mitigation will actually deploy on Internet scale.  Can you
suggest an alternative mitigation option that may not be as strong as
S/MIME, but might actually be deployable (e.g., hop-to-hop TLS/DTLS,
leap-of-faith keying similar to SSH, etc)?

I find it both misleading and distasteful to use "SHOULD" when it's
something that's likely to remain unimplemented or rarely deployed.

I do not view this issue as a barrier to proposed status, but it would
be a barrier to future advancement so it might be better to be realistic
now.

>            recipient-list    the body contains a list of URIs

This is unclear and misleading for a "disposition".  A disposition
should describe how the content is used, while the media type should
describe what's in the content.  This should be easy to fix.

I suggest instead
            recipient-list    process as URI list

A more verbose description would be:

The "recipient-list" disposition results in a conversion of the body's
content-type to an abstract list of URIs which are then processed by the
service.
2008-06-30
07 Chris Newman [Ballot Position Update] New position, No Objection, has been recorded by Chris Newman
2008-06-30
07 Lars Eggert
[Ballot discuss]
Section 3.1., paragraph 2:
>    REQ 2:  The invocation mechanism SHOULD NOT require more than one RTT
>      (Round-Trip Time). …
[Ballot discuss]
Section 3.1., paragraph 2:
>    REQ 2:  The invocation mechanism SHOULD NOT require more than one RTT
>      (Round-Trip Time).

  Discuss-discuss: I'm not sure if I fully understand this requirement.
  Is this trying to express that an invocation operation on a URI-list
  should execute in less than some time duration? If so, this seems to
  be extremely dependent on a lot of external conditions. Also, since
  the time duration is defined as a round-trip time, the round-trip time
  between which two nodes in the network is meant here?


Section 8.1., paragraph 4:
>    [I-D.ietf-sipping-consent-framework]
>              Rosenberg, J., "A Framework for Consent-Based
>              Communications in the Session Initiation  Protocol (SIP)",
>              draft-ietf-sipping-consent-framework-05 (work in
>              progress), June 2006.

  Discuss: This is a DOWNREF, but easily fixed by citing the
  standards-track draft-ietf-sip-consent-framework instead of the older
  SIPPING draft.
2008-06-30
07 Lars Eggert [Ballot Position Update] New position, Discuss, has been recorded by Lars Eggert
2008-06-29
07 Cullen Jennings [Ballot Position Update] New position, No Objection, has been recorded by Cullen Jennings
2008-06-26
07 Jon Peterson Note field has been cleared by Jon Peterson
2008-06-26
07 Jon Peterson State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Jon Peterson
2008-06-26
07 Jon Peterson Placed on agenda for telechat - 2008-07-03 by Jon Peterson
2008-06-26
07 Jon Peterson [Ballot Position Update] New position, Yes, has been recorded for Jon Peterson
2008-06-26
07 Jon Peterson Ballot has been issued by Jon Peterson
2008-06-26
07 Jon Peterson Created "Approve" ballot
2008-01-18
07 Samuel Weiler Request for Last Call review by SECDIR Completed. Reviewer: Shawn Emery.
2007-12-20
07 (System) State has been changed to Waiting for AD Go-Ahead from In Last Call by system
2007-12-18
07 Amanda Baber
IANA Last Call comments:

Upon approval of this document, the IANA will make the following
addition in "MAIL CONTENT DISPOSITION Values and Parameters"
registry located …
IANA Last Call comments:

Upon approval of this document, the IANA will make the following
addition in "MAIL CONTENT DISPOSITION Values and Parameters"
registry located at
http://www.iana.org/assignments/mail-cont-disp
sub-registry "Mail Content Disposition Values"

Name + Description + Reference
----- + ------------ + ---------
recipient-list + the body contains a list of URIs + [RFC-ietf-sipping-uri-services-07.txt]

We understand the above to be the only IANA Action for this
document.
2007-12-02
07 Samuel Weiler Request for Last Call review by SECDIR is assigned to Shawn Emery
2007-12-02
07 Samuel Weiler Request for Last Call review by SECDIR is assigned to Shawn Emery
2007-11-29
07 Amy Vezza Last call sent
2007-11-29
07 Amy Vezza State Changes to In Last Call from Waiting for AD Go-Ahead by Amy Vezza
2007-11-13
07 (System) New version available: draft-ietf-sipping-uri-services-07.txt
2006-11-14
07 Yoshiko Fong
IANA Last Call Comment:

IANA has a question about the IANA Actions required upon
approval of this document.

Upon approval, this document requires a single …
IANA Last Call Comment:

IANA has a question about the IANA Actions required upon
approval of this document.

Upon approval, this document requires a single action from
IANA. In the Mail Content Disposition Values and Parameters
registry located at:

http://www.iana.org/assignments/mail-cont-disp

the IANA will register a new value:

recipient-list the body contains a list of URIs

However, in this registry there are three subregistries:

- Mail Content Disposition Values
- Mail Content Disposition Parameters
- Mail Content Disposition Parameter Values

In which of these registries should the new recipient-list
value be added?
2006-09-24
06 (System) New version available: draft-ietf-sipping-uri-services-06.txt
2006-07-19
07 Jon Peterson State Change Notice email list have been change to sipping-chairs@tools.ietf.org from gonzalo.camarillo@ericsson.com, dean.willis@softarmor.com, rohan@ekabal.com
2006-07-19
07 Jon Peterson [Note]: 'Waiting for consent-framework' added by Jon Peterson
2006-07-19
07 Jon Peterson Status date has been changed to 2006-09-01 from
2006-03-29
07 Jon Peterson Shepherding AD has been changed to Jon Peterson from Allison Mankin
2006-03-09
07 Allison Mankin Removed from agenda for telechat - 2006-03-16 by Allison Mankin
2006-03-03
07 (System) State has been changed to Waiting for AD Go-Ahead from In Last Call by system
2006-02-24
07 Allison Mankin Placed on agenda for telechat - 2006-03-16 by Allison Mankin
2006-02-24
07 Allison Mankin
removing from agenda so that it can be on agenda with its
normative reference the consent-framework, which it turns
out is close to ready.  (Also …
removing from agenda so that it can be on agenda with its
normative reference the consent-framework, which it turns
out is close to ready.  (Also need to check about a downref LC -
revisit target status of framework)
2006-02-24
07 Allison Mankin Removed from agenda for telechat - 2006-03-02 by Allison Mankin
2006-02-23
07 Allison Mankin Placed on agenda for telechat - 2006-03-02 by Allison Mankin
2006-02-17
07 Amy Vezza State Changes to In Last Call from Last Call Requested by Amy Vezza
2006-02-17
07 Allison Mankin Last Call was requested by Allison Mankin
2006-02-17
07 (System) Ballot writeup text was added
2006-02-17
07 (System) Last call text was added
2006-02-17
07 (System) Ballot approval text was added
2006-02-17
07 Allison Mankin State Changes to Last Call Requested from AD Evaluation by Allison Mankin
2006-02-17
07 Allison Mankin State Changes to AD Evaluation from Publication Requested by Allison Mankin
2006-02-13
07 Dinara Suleymanova Intended Status has been changed to Proposed Standard from None
2006-02-13
07 Dinara Suleymanova
PROTO Write-up

1.a) Have the chairs personally reviewed this version of the
Internet Draft (ID), and in particular, do they believe this ID is ready …
PROTO Write-up

1.a) Have the chairs personally reviewed this version of the
Internet Draft (ID), and in particular, do they believe this ID is ready
to forward to the IESG for publication?

Yes. The draft was reviewed by chairs Rohan Mahy and Dean Willis, and
was primarily authored by chair Gonzalo Camarillo.

1.b) Has the document had adequate review from both key WG members
and key non-WG members? Do you have any concerns about the
depth or breadth of the reviews that have been performed?

The document has been well-reviewed by key WG members and has been
"socialized" inside IETF and external SDOs including OMA. There may
be an external review requirement for the registration of a new
Content-Disposition value in the IANA mail-cont-disp registry.

1.c) Do you have concerns that the document needs more review from a
particular (broader) perspective (e.g., security, operational
complexity, someone familiar with AAA, etc.)?

I expect there to be a significant interest in the security aspects
of this document, although I believe the presentation here is
adequate. This draft relates to the consent-framework draft, which
generated an extensive discussion with AD Sam Hartman on the security
aspects.

1.d) Do you have any specific concerns/issues with this document
that you believe the ADs and/or IESG should be aware of? For
example, perhaps you are uncomfortable with certain parts of
the document, or have concerns whether there really is a need for
it. In any event, if your issues have been discussed in the WG
and the WG has indicated it that it still wishes to advance the
document, detail those concerns in the write-up.

I have no unresolved concerns with this document beyond its
inadequate abstract. A replacement abstract is provided in an
Instruction below.

1.e) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with
others being silent, or does the WG as a whole understand and
agree with it?

The document seems to have strong concurrence from the subset of the
working group that cares. Although not unamimous, this is a fairly
significant subset of the working group.

1.f) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in
separate email to the Responsible Area Director.

I am unaware of any such concerns.

1.g) Have the chairs verified that the document adheres to all of
the ID nits? (see http://www.ietf.org/ID-Checklist.html).

The current draft passes idnits 1.85. It contains no XML or ABNF that
requires verification. The IANA considerations are minimal and appear
to be adequately described. No additional issues were noted in a
visual inspection.

1.h) Is the document split into normative and informative
references? Are there normative references to IDs, where the IDs are not
also ready for advancement or are otherwise in an unclear
state? (note here that the RFC editor will not publish an RFC with
normative references to IDs, it will delay publication until
all such IDs are also ready for publication as RFCs.)

The references are properly defined and all normative references are
to published RFCs.


Instruction on Abstract: Replace the abstract with the text of the
Technical Summary.

Technical Summary:

Traditional SIP requests are sent to a single recipient indicated by
the Request URI. Conferencing and other scenarios raised a need to
send a single request to multiple recipients. This document provides
a general methodology, including security considerations, for sending
a SIP request to multiple recipients by including a list of
recipients (URI-list) in the request and targeting the Request URI to
an intermediate service node that will process the list and generate
a singular request for each recipient. This document defines a new
value of the Content-Disposition header used to invoke URI-list
processing on the intermediate service node. It is expected that
future standards-track documents will define the usage of URI list
services with each SIP request type.

Working Group Summary:

This work has progressed fairly steadily in the SIPPING working
group, and is part of larger set of documents including the Consent
framework and mechanism and specific URI-list services definitions
for MESSAGE, INVITE, and REFER requests. While there was initially
substantial angst in the working group over the fundamental
requirements of a consent-based (opt-in, as opposed to opt-out)
model, the framework represented by this document has not been
particularly contentious.


Protocol Quality:

No implementations of this specification are known to exist. However,
the Open Mobile Alliance is in the process of developing systems
specifications that exercise URI-list services for conferencing with
INVITE and REFER requests. The details of these services are defined
in other drafts, but to the extent that this draft applies, OMA has
not reported any difficulties with this specification.
2006-02-13
07 Dinara Suleymanova Intended Status has been changed to None from Informational
2006-02-13
07 Dinara Suleymanova Draft Added by Dinara Suleymanova in state Publication Requested
2006-01-30
05 (System) New version available: draft-ietf-sipping-uri-services-05.txt
2005-10-24
04 (System) New version available: draft-ietf-sipping-uri-services-04.txt
2005-04-15
03 (System) New version available: draft-ietf-sipping-uri-services-03.txt
2004-12-02
02 (System) New version available: draft-ietf-sipping-uri-services-02.txt
2004-10-18
01 (System) New version available: draft-ietf-sipping-uri-services-01.txt
2004-07-13
00 (System) New version available: draft-ietf-sipping-uri-services-00.txt