Telechat Review of draft-ietf-cuss-sip-uui-reqs-
review-ietf-cuss-sip-uui-reqs-genart-telechat-campbell-2012-01-12-00

Request Review of draft-ietf-cuss-sip-uui-reqs
Requested rev. no specific revision (document currently at 09)
Type Telechat Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2011-11-01
Requested 2012-01-12
Authors Alan Johnston, Laura Liess
Draft last updated 2012-01-12
Completed reviews Genart Telechat review of -?? by Ben Campbell
Genart Telechat review of -?? by Ben Campbell
Assignment Reviewer Ben Campbell
State Completed
Review review-ietf-cuss-sip-uui-reqs-genart-telechat-campbell-2012-01-12
Review completed: 2012-01-12

Review
review-ietf-cuss-sip-uui-reqs-genart-telechat-campbell-2012-01-12

I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.

Please resolve these comments along with any other Last Call comments you may receive.

Document: draft-ietf-cuss-sip-uui-reqs-06
Reviewer: Ben Campbell
Review Date: 2011-10-12
IETF LC End Date: 2011-10-13

Summary: This draft is almost ready for publication as an informational RFC. I have a few minor questions and comments that may be worth addressing first.

Major issues:

None

Minor issues:

-- section 1, 2nd paragraph, last sentence: "In particular, this mechanism creates no requirements on intermediaries such as proxies."

What about SBCs, B2BUAs, etc?

-- REQ-4: "… any other form of redirection of the request."

"Any other form" seems a pretty strong statement. What about a b2bua doing weird stuff?

-- REQ-8: "If the UAS does not understand the UUI mechanism, the request will fail."

Based on the routing requirement, shouldn't that say that if the request cannot be routed to a UAS that understands the UUI mechanism, the request will fail?

-- REQ-12: 

What degree of certainty is required here? (i.e. strong identity?) If implied by the SIP dialog, does that impact expectations on what sort of authn must happen at the SIP layer?

-- REQ 13:

I'm not sure I understand how this interacts with the ability for intermediaries to remove UUI. Should this be detectable by the endpoints? Or is that ability limited to the hop-by-hop case, or require no integrity protection?

Nits/editorial comments:

-- section 4, 2nd paragraph: "The UUI mechanisim should support both of these approaches"

Should that be a numbered requirement? You've got requirements to support e2e and hop-by-hop, but no requirement that mentions SIP layer vs application layer.