I am the assigned Gen-ART reviewer for this draft. For background on Gen-ART, please see the FAQ at < http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>.
Please wait for direction from your document shepherd or AD before posting a new version of the draft. Document: draft-ietf-cuss-sip-uui-reqs-07 Reviewer: Ben Campbell Review Date: 2011-01-01 IESG Telechat date: 2011-01-03 Summary: This version is basically ready for publication as an informational RFC. Alan responded to two of my comments with perfectly reasonable explanations (see quoted text below.) In both cases, I think the requirements would be more clear if the clarifications were included in the draft text: >> >> >> -- REQ-12: >> >> What degree of certainty is required here? (i.e. strong identity?) If >> implied by the SIP dialog, does that impact expectations on what sort of >> authn must happen at the SIP layer? > > This is not meant to imply strong identity. And since UUI data can appear in > a response, there aren't really any strong methods available with SIP. The > UUI mechanism does not introduce stronger authorization requirements for SIP, > but instead the mechanism needs to be able to utilize existing SIP approaches. > >> >> -- REQ 13: >> >> I'm not sure I understand how this interacts with the ability for >> intermediaries to remove UUI. Should this be detectable by the endpoints? Or >> is that ability limited to the hop-by-hop case, or require no integrity >> protection? > > Yes, there are tradeoffs between this requirement and requirement REQ-9. > Hop-by-hop protection is one way to resolve this interaction. _______________________________________________ Ietf mailing list Ietf@ietf.org https://www.ietf.org/mailman/listinfo/ietf
