Addressing an Amplification Vulnerability in Session Initiation Protocol (SIP) Forking Proxies
RFC 5393

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>, 
    sip mailing list <sip@ietf.org>, 
    sip chair <sip-chairs@tools.ietf.org>
Subject: Protocol Action: 'Addressing an Amplification 
         Vulnerability in Session Initiation Protocol (SIP) Forking 
         Proxies' to Proposed Standard 

The IESG has approved the following document:

- 'Addressing an Amplification Vulnerability in Session Initiation 
   Protocol (SIP) Forking Proxies '
   <draft-ietf-sip-fork-loop-fix-09.txt> as a Proposed Standard

This document is the product of the Session Initiation Protocol Working 
Group. 

The IESG contact persons are Cullen Jennings and Jon Peterson.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-sip-fork-loop-fix-09.txt

Technical Summary 

This document normatively updates RFC 3261, the Session Initiation
Protocol 
(SIP), to address a security vulnerability identified in SIP proxy
behavior. 
This vulnerability enables an attack against SIP networks where a small 
number of legitimate, even authorized, SIP requests can stimulate massive
amounts of proxy-to-proxy traffic. 

This document strengthens loop-detection requirements on SIP proxies 
when they fork requests (that is, forward a request to more than one
destination). 
It also corrects and clarifies the description of the loop-detection 
algorithm such proxies are required to implement. 

Working Group Summary 

The document was produced by the SIP working group. There is consensus in
the WG to publish this document. 

Document Quality 

The document has been produced as a result of an issue identified during
SIPit interoperability testing.