A Mechanism for Content Indirection in Session Initiation Protocol (SIP) Messages
draft-ietf-sip-content-indirect-mech-05

Note: This ballot was opened for revision 05 and is now closed.

(Steven Bellovin; former steering group member) Discuss

Discuss [Treat as non-blocking comment] (2004-01-06 for -** No value found for 'p.get_dochistory.rev' **)
No email
send info
Why is support for integrity and confidentiality (not privacy, per Russ's comment) not mandatory?  The cost for supporting https should be low, since if I read 3261 correctly support for TLS is already mandatory in SIP.

Beyond that, there's a more subtle problem:  trust anchors.  How does the recipient know what trust anchor (i.e., a certificate authority) is appropriate from the perspective of the sender for this content?  Should it be possible -- or necessary -- to communicate that in the SIP message?  To use an example from the draft, suppose I want to send you a picture that's stored on my company's Web server.  Regardless of whether or not you normally trust the CA that issued my company a certificate, you should trust it here if you trust the SIP message coming from me.  (I'm assuming, of course, that the SIP exchange is protected in such instances.)

(Allison Mankin; former steering group member) Yes

Yes ( for -** No value found for 'p.get_dochistory.rev' **)
No email
send info

(Jon Peterson; former steering group member) Yes

Yes ( for -** No value found for 'p.get_dochistory.rev' **)
No email
send info

(Alex Zinin; former steering group member) No Objection

No Objection ( for -** No value found for 'p.get_dochistory.rev' **)
No email
send info

(Bert Wijnen; former steering group member) No Objection

No Objection (2004-01-08 for -** No value found for 'p.get_dochistory.rev' **)
No email
send info
Editorial comments:
 - refs need to be split
 - volcano and nwt.com need to be changed to be different domains,
   like example.ORG and example.COM

(Bill Fenner; former steering group member) No Objection

No Objection ( for -** No value found for 'p.get_dochistory.rev' **)
No email
send info

(Brian Carpenter; former steering group member) No Objection

No Objection ()
No email
send info

(Harald Alvestrand; former steering group member) No Objection

No Objection ( for -** No value found for 'p.get_dochistory.rev' **)
No email
send info

(Margaret Cullen; former steering group member) No Objection

No Objection ( for -** No value found for 'p.get_dochistory.rev' **)
No email
send info

(Ned Freed; former steering group member) No Objection

No Objection ( for -** No value found for 'p.get_dochistory.rev' **)
No email
send info

(Russ Housley; former steering group member) No Objection

No Objection (2003-12-29 for -** No value found for 'p.get_dochistory.rev' **)
No email
send info
  In the Security Considerations, the document says:

  >For confidentiality, integrity, and authentication, this content
  >indirection mechanism relies on the security mechanisms outlined in
  >RFC3261. In particular, the usage of S/MIME as defined in section 23
  >of RFC3261 provides the necessary mechanism to ensure integrity
  >protection and privacy of the indirect content URI and associated
  >parameters.

  Please align with the definitions in RFC 2828 by:
  s/and privacy/and confidentiality/

(Ted Hardie; former steering group member) (was Discuss) No Objection

No Objection ()
No email
send info

(Thomas Narten; former steering group member) No Objection

No Objection ( for -** No value found for 'p.get_dochistory.rev' **)
No email
send info