Last Call Review of draft-ietf-pmol-sip-perf-metrics-
I am reviewing this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments. Feel free to
forward to any appropriate forum.
This document defines metrics for measuring the performance of SIP
systems but not a protocol for their exchange. As such it is entirely
appropriate that this document relies on the security section in the
main SIP protocol which is extensive.
One small area of concern is that the security considerations section
appears to operate under the assumption that the chief security
concern would be confidentiality. While it is possible that this might
be the case, it is also quite likely that any metrics system would be
employed for purposes in connection with billing. Hence there is
likely to be an integrity concern with one party or another
manipulating metrics for the purpose of avoiding payments due or for
imposing unjustified payments or penalties.
View Quantum of Stupid podcasts, Tuesday and Thursday each week,