Managing Client-Initiated Connections in the Session Initiation Protocol (SIP)
RFC 5626
Note: This ballot was opened for revision 20 and is now closed.
(Robert Sparks) Yes
(Ron Bonica) No Objection
(Ross Callon) No Objection
(Ralph Droms) No Objection
Comment (2009-06-02 for -)
No email
send info
send info
From the Introduction: Most IP phones and personal computers get their network configurations dynamically via a protocol such as DHCP (Dynamic Host Configuration Protocol). These systems typically do not have a useful name in the Domain Name System (DNS), and they almost never have a long-term, stable DNS name that is appropriate for use in the subjectAltName of a certificate, as required by [RFC3261]. However, these systems can still act as a Transport Layer Security (TLS) [RFC5246] client and form outbound connections to a proxy or registrar which authenticates with a server certificate. For the sake of (perhaps foolish) consistency, use the same format "Full Name of Protocol (ACRONYM)" for DHCP, DNS and TLS? And, for completeness and consistency, add an informative reference for DNS (I see Alexey has already suggested a similar ref for DHCP). Another very minor editorial comment, also in the spirit of consistency: there are several indented sub-paragraphs (e.g., in sections 3.5.1, 3.5.2, 4.1). Some are not idnetified while others begin with "Note:". And, "Implementation Notes:" are not indented.
(Lisa Dusseault) No Objection
(Lars Eggert) No Objection
(Pasi Eronen) No Objection
(Adrian Farrel) No Objection
Comment (2009-05-31 for -)
No email
send info
send info
Comprehensive and well written. Need to decide on "keep alive" or "keep-alive" In 4.4.1 This approach MUST only be used with connection oriented transports such as TCP or SCTP. This use of "MUST only" creates some ambiguity and may be confusing. Perhaps better... This approach MUST NOT be used with connection-less transports such as UDP. (Similar in 4.4.2.) In 4.5 The number of seconds to wait is computed in the following way. If all of the flows to every URI in the outbound proxy set have failed, the base-time is set to 30 seconds; otherwise, in the case where at least one of the flows has not failed, the base-time is set to 90 seconds. The upper-bound wait time (W) is computed by taking two raised to the power of the number of consecutive registration failures for that URI, and multiplying this by the base time, up to a maximum of 1800 seconds. But all of these timers may be configurable (see the paragraph below the formula) with defaults explained. Better, therefore... The number of seconds to wait is computed in the following way. If all of the flows to every URI in the outbound proxy set have failed, the base-time is set to a lower value (with a default of 30 seconds); otherwise, in the case where at least one of the flows has not failed, the base-time is set to a higher value (with a default of 90 seconds). The upper-bound wait time (W) is computed by taking two raised to the power of the number of consecutive registration failures for that URI, and multiplying this by the base time, up to a configurable maximum time (with a default of 1800 seconds). There are rather a lot of "SHOULD" uses in the document. Some of these have clauses like "Alternatively, the UA..." which is great. I would prefer for some thought to be given to the other cases where deviation from the SHOULD is allowed. The IANA considerations sections seem a tad verbose. These sections are supposed only to instruct the IANA about what goes in which registries. Discussion of usage of (for example, response codes) should be limited to the main body of the I-D.
(Russ Housley) No Objection
(Alexey Melnikov) No Objection
Comment (2009-05-30 for -)
No email
send info
send info
This is a solid document.
I have some comments, which are mostly nits:
COMMENT:
1. Introduction
There are many environments for SIP [RFC3261] deployments in which
the User Agent (UA) can form a connection to a Registrar or Proxy but
in which connections in the reverse direction to the UA are not
possible. This can happen for several reasons, but the most likely
is a NAT or a firewall in between the SIP UA and the proxy. Many
such devices will only allow outgoing connections. This
specification allows a SIP User Agent behind such a firewall or NAT
to receive inbound traffic associated with registrations or dialogs
that it initiates.
Most IP phones and personal computers get their network
configurations dynamically via a protocol such as DHCP (Dynamic Host
Configuration Protocol). These systems typically do not have a
I think this needs an Informative reference to DHCP.
4.1. Instance ID Creation
[...]
[RFC3840] defines equality rules for callee capabilities
parameters, and according to that specification, the
"sip.instance" media feature tag will be compared by case-
sensitive string comparison. This means that the URN will be
encapsulated by angle brackets ("<" and ">") when it is placed
within the quoted string value of the +sip.instance Contact header
field parameter. The case-sensitive matching rules apply only to
the generic usages defined in the callee capabilities [RFC3841]
Should this be [RFC3840]?
and the caller preferences [RFC3841] specifications. When the
4.3. Sending Non-REGISTER Requests
[...]
The UAC performs normal DNS resolution on the next hop URI (as
described in [RFC3263]) to find a protocol, IP address, and port.
For protocols that don't use TLS, if the UAC has an existing flow to
this IP address, and port with the correct protocol, then the UAC
MUST use the existing connection. For TLS protocols, there MUST also
be a match between the host production in the next hop and one of the
URIs contained in the subjectAltName in the peer certificate.
You should probably mention that you mean uniformResourceIdentifier
subjectAltName value.
Typically, a UAC using the procedures of this document and sending a
dialog-forming request will want all subsequent requests in the
dialog to arrive over the same flow. If the UAC is using a GRUU
[I-D.ietf-sip-gruu] that was instantiated using a Contact header
field value that included an "ob" parameter, the UAC sends the
request over the flow used for registration and susequent requests
Typo: subsequent
will arrive over that same flow. If the UAC is not using such a
9.1. Subscription to configuration package
If the outbound proxy set is already configured on Bob's UA, then
this subsection can be skipped. Otherwise, if the outbound proxy set
is learned through the configuration package, Bob's UA sends a
SUBSCRIBE request for the UA profile configuration package
[I-D.ietf-sipping-config-framework]. This request is a poll (Expires
is zero). After receiving the NOTIFY request, Bob's UA fetches the
external configuration using HTTPS (not shown) and obtains a
configuration file which contains the outbound-proxy-set "sip:
ep1.example.com;lr" and "sip:ep2.example.com;lr.
Missing <"> before the final dot.
10. Grammar
This specification defines a new header field "Flow-Timer", new
Contact header field parameters, reg-id and +sip.instance. The
grammar includes the definitions from [RFC3261] and includes the
definition of uric from [RFC3986]. Flow-Timer is an extension-header
To be pedantic: the rule for "uric" was obsoleted by RFC 3986
(it is mentioned in passing in its Appendix D.2.)
There is also "uric" in RFC 3261.
from the message-header in the [RFC3261] ABNF.
The ABNF[RFC5234] is:
Flow-Timer = "Flow-Timer" HCOLON 1*DIGIT
contact-params =/ c-p-reg / c-p-instance
c-p-reg = "reg-id" EQUAL 1*DIGIT ; 1 to (2**31 - 1)
Are leading 0 allowed here?
c-p-instance = "+sip.instance" EQUAL
DQUOTE "<" instance-val ">" DQUOTE
instance-val = *uric ; defined in RFC 3986
I just want to double check this is intentional: you allow for empty value?
The value of the reg-id MUST NOT be 0 and MUST be less than 2**31.
11.7. Media Feature Tag
[...]
Values appropriate for use with this feature tag: String.
According to RFC 2506, this should be "String (equality relationship)".