Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies
draft-ietf-sip-fork-loop-fix-08
Yes
(Cullen Jennings)
(Jari Arkko)
No Objection
(Chris Newman)
(Dan Romascanu)
(David Ward)
(Lisa Dusseault)
(Magnus Westerlund)
(Mark Townsley)
(Pasi Eronen)
(Ron Bonica)
(Ross Callon)
(Russ Housley)
(Tim Polk)
Note: This ballot was opened for revision 08 and is now closed.
Cullen Jennings Former IESG member
Yes
Yes
()
Unknown
Jari Arkko Former IESG member
Yes
Yes
()
Unknown
Chris Newman Former IESG member
No Objection
No Objection
()
Unknown
Dan Romascanu Former IESG member
No Objection
No Objection
()
Unknown
David Ward Former IESG member
No Objection
No Objection
()
Unknown
Lisa Dusseault Former IESG member
No Objection
No Objection
()
Unknown
Magnus Westerlund Former IESG member
No Objection
No Objection
()
Unknown
Mark Townsley Former IESG member
No Objection
No Objection
()
Unknown
Pasi Eronen Former IESG member
(was Discuss)
No Objection
No Objection
()
Unknown
Ron Bonica Former IESG member
No Objection
No Objection
()
Unknown
Ross Callon Former IESG member
No Objection
No Objection
()
Unknown
Russ Housley Former IESG member
No Objection
No Objection
()
Unknown
Tim Polk Former IESG member
(was No Record, Discuss)
No Objection
No Objection
(2008-10-22)
Unknown
I was a little confused by the compliance language in section 4.2.1 and 4.2.2 of this
specification. Specifically:
In 4.2.1, the paragraph beginning with "Proxies required to perform loop-detection ..."
contains the following conformance requirement:
"Such proxies SHOULD create a branch value separable into two parts ..."
implying that they can perform this loop detection even if they don't generate two part
branch values.
In 4.2.2, the Loop Detection Check is defined based on the presence of the second part.
This implies the statement above needs to be MUST.
I may be missing something, but I would suggest the authors review 4.2.1 and 4.2.2
to ensure that the conformance requirements are consistent.