Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies
Note: This ballot was opened for revision 08 and is now closed.
(Jari Arkko) Yes
(Cullen Jennings) Yes
(Ron Bonica) No Objection
(Ross Callon) No Objection
(Lisa Dusseault) No Objection
(Pasi Eronen) (was Discuss) No Objection
(Russ Housley) No Objection
(Chris Newman) No Objection
(Tim Polk) (was No Record, Discuss) No Objection
I was a little confused by the compliance language in section 4.2.1 and 4.2.2 of this specification. Specifically: In 4.2.1, the paragraph beginning with "Proxies required to perform loop-detection ..." contains the following conformance requirement: "Such proxies SHOULD create a branch value separable into two parts ..." implying that they can perform this loop detection even if they don't generate two part branch values. In 4.2.2, the Loop Detection Check is defined based on the presence of the second part. This implies the statement above needs to be MUST. I may be missing something, but I would suggest the authors review 4.2.1 and 4.2.2 to ensure that the conformance requirements are consistent.