Telechat Review of draft-ietf-cuss-sip-uui-reqs-
review-ietf-cuss-sip-uui-reqs-genart-telechat-campbell-2012-01-12-00

I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART,
please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please resolve these comments along with any other Last Call comments you may
receive.

Document: draft-ietf-cuss-sip-uui-reqs-06
Reviewer: Ben Campbell
Review Date: 2011-10-12
IETF LC End Date: 2011-10-13

Summary: This draft is almost ready for publication as an informational RFC. I
have a few minor questions and comments that may be worth addressing first.

Major issues:

None

Minor issues:

-- section 1, 2nd paragraph, last sentence: "In particular, this mechanism
creates no requirements on intermediaries such as proxies."

What about SBCs, B2BUAs, etc?

-- REQ-4: "… any other form of redirection of the request."

"Any other form" seems a pretty strong statement. What about a b2bua doing
weird stuff?

-- REQ-8: "If the UAS does not understand the UUI mechanism, the request will
fail."

Based on the routing requirement, shouldn't that say that if the request cannot
be routed to a UAS that understands the UUI mechanism, the request will fail?

-- REQ-12:

What degree of certainty is required here? (i.e. strong identity?) If implied
by the SIP dialog, does that impact expectations on what sort of authn must
happen at the SIP layer?

-- REQ 13:

I'm not sure I understand how this interacts with the ability for
intermediaries to remove UUI. Should this be detectable by the endpoints? Or is
that ability limited to the hop-by-hop case, or require no integrity protection?

Nits/editorial comments:

-- section 4, 2nd paragraph: "The UUI mechanisim should support both of these
approaches"

Should that be a numbered requirement? You've got requirements to support e2e
and hop-by-hop, but no requirement that mentions SIP layer vs application layer.