Session Initiation Protocol (SIP) URIs for Applications such as Voicemail and Interactive Voice Response (IVR)
RFC 4458

Note: This ballot was opened for revision 06 and is now closed.

(Allison Mankin) Yes

(Brian Carpenter) No Objection

Comment (2006-01-03 for -)
No email
send info
Points from a Gen-ART review by Scott Brim, to be considered as 
possible clarifications.

--------


First, Section 4 says there is an assumption that the sender knows
what target syntax is valid on the receiving system.  Target syntax is
apparently known with certainty when it is provided by the intended
recipient e.g. in a "Moved" message.  Other than that, target syntax
is a local matter, right?

One of the draft goals is to match expectations of ETSI and TDM
systems.  Do they already have some syntax defined for targets, at
least for common situations?  If so, and since the point of the draft
is to promote common usage, shouldn't they be reproduced or referenced
here?

As another possibility, have you considered having a default universal
target syntax, which would be converted to the local syntax by
interworking functions?  That would put the problem where it belongs,
at the receiver (or interworker), not the sender.

If you don't need this, because target syntax is always known in all
reasonable deployment cases, then maybe you could redo the first
paragraph of Section 4?

Next ... Section 8.1 says: "Any redirection of a call to an attacker's
mailbox is serious.  It is trivial for an attacker to make its mailbox
seem very much like the real mailbox and forward the messages to the
real mailbox so that the fact that the messages have been intercepted
or even tampered with escapes detection."

There seems to be a general sense that the caller A must depend on the
security behavior of the callee B, and that the caller has no way to
authenticate the party it finally connects to (C).  I don't like
security dependencies.  I don't know enough about SIP to make a
specific suggestion, but can't A authenticate C the same way it would
authenticate B in the first place?

Finally, something smaller.  The cause codes (aka redirecting reasons)
are referred to as SIP "error" codes in 2.0.  Is this just a slip, or
are informational codes generally referred to as "error" codes in SIP
drafts?

In case you decide to do another revision, there is a typo: "This was
only done for formatting and is not a valid SIP messages."

(Margaret Cullen) No Objection

(Ted Hardie) (was Discuss) No Objection

(Sam Hartman) No Objection

(Russ Housley) (was Discuss) No Objection

Comment (2006-01-01)
No email
send info
  I suggest swapping section 5 and section 6.

  Section 8.1: s/man in the middle/man-in-the-middle/

  Section 8.1: s/hop by hop/hop-by-hop/ (2 places)

(David Kessens) No Objection

(Bert Wijnen) No Record

Comment (2006-01-05 for -)
No email
send info
I see (a couple of times)
      Contact: <sip:alice@92.168.0.1>

I suspect that the 92.168.0.1 better be changed into an IP address
that complies with RFC3330.