Telechat Review of draft-ietf-cuss-sip-uui-reqs-
review-ietf-cuss-sip-uui-reqs-genart-telechat-campbell-2011-11-01-00

I am the assigned Gen-ART reviewer for this draft. For background on
Gen-ART, please see the FAQ at
<

http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please wait for direction from your document shepherd
or AD before posting a new version of the draft.

Document: draft-ietf-cuss-sip-uui-reqs-07
Reviewer: Ben Campbell
Review Date: 2011-01-01
IESG Telechat date: 2011-01-03

Summary:

This version is basically ready for publication as an informational RFC. Alan
responded to two of my comments with perfectly reasonable explanations (see
quoted text below.) In both cases, I think the requirements would be more clear
if the clarifications were included in the draft text:

>>
>>
>> -- REQ-12:
>>
>> What degree of certainty is required here? (i.e. strong identity?) If
implied by the SIP dialog, does that impact expectations on what sort of authn
must happen at the SIP layer? > > This is not meant to imply strong identity. 
And since UUI data can appear in a response, there aren't really any strong
methods available with SIP.   The UUI mechanism does not introduce stronger
authorization requirements for SIP, but instead the mechanism needs to be able
to utilize existing SIP approaches. > >> >> -- REQ 13: >> >> I'm not sure I
understand how this interacts with the ability for intermediaries to remove
UUI. Should this be detectable by the endpoints? Or is that ability limited to
the hop-by-hop case, or require no integrity protection? > > Yes, there are
tradeoffs between this requirement and requirement REQ-9.  Hop-by-hop
protection is one way to resolve this interaction.