I was selected as General Area Review Team reviewer for this specification
(for background on Gen-ART, please see
http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).

This document is almost ready for publication as a proposed standard.

Requirement GEN 4 requires that servers authenticate the invoker. If
this allows null authentication, it is a meaningless
requirement. If, as I believe is intended, this requires the use of
authentication technology, then this is a very strong
requirement. It means that even a URI server within a corporation
serving only corporate destinations cannot waive the
authentication. This is much stronger than our usual "security must
be mandatory to implement, but may be optional to use." The actual
test in the security section refers to unauthorized users. That
appears to me to be broader, and to allow for the case where
authorization is implicit rather than explicit.

Yours,
Joel M. Halpern

At 12:19 PM 2/18/2006, Mary Barnes wrote:
---------------------------
Reviewer: Joel Halpern
- 'Framework and Security Considerations for Session Initiation
Protocol (SIP) Uniform Resource Identifier (URI)-List Services'
<draft-ietf-sipping-uri-services-05.txt> as a Proposed Standard
IETF LC ends on 2006-03-03.
The file can be obtained via
<http://www.ietf.org/internet-drafts/draft-ietf-sipping-uri-services-05.txt>
---------------------------