Last Call Review of draft-ietf-sipcore-199-
review-ietf-sipcore-199-secdir-lc-weiler-2010-02-02-00

Request Review of draft-ietf-sipcore-199
Requested rev. no specific revision (document currently at 06)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2010-02-02
Requested 2010-01-14
Other Reviews Secdir Telechat review of - by Samuel Weiler (diff)
Review State Completed
Reviewer Samuel Weiler
Review review-ietf-sipcore-199-secdir-lc-weiler-2010-02-02
Posted at http://www.ietf.org/mail-archive/web/secdir/current/msg01408.html
Draft last updated 2010-02-02
Review completed: 2010-02-02

Review
review-ietf-sipcore-199-secdir-lc-weiler-2010-02-02

I have reviewed this document as part of the security directorate's 


ongoing effort to review all IETF documents being processed by the 


IESG.  Document editors and WG chairs should treat these comments just 


like any other last call comments.




This defines an intermediate "we're done" response, allowing parties
to tear down some state, while still requiring a final response.

The obvious risk (forging these, just like forging a TCP reset) is
documented.

Even though the point of the 199 response is to allow early resource
release, I notice that some state is still being maintained for these
sessions.  It might be worth explicitly reminding readers of when they
can timeout (is there a timeout specified somewhere?).

I'm also a little worried about the implications of one party or
another trying to continue the dialog, perhaps maliciously, after
sending or receiving one of these.  What if one of these were used to
disable a monitoring or billing system, but the parties continued to
use the open session?  (Compare to sending a weak C-tone on a
wiretapped PSTN line.)

Editorial:

Please expand the acronyms in the abstract.  (The id-nits checklist
says the abstract "Should be meaningful to someone not versed in the
technology; most abbreviations must be expanded on first use.")

-- Sam