Instant Messaging and Presence Purpose for the Call-Info Header Field in the Session Initiation Protocol (SIP)
Note: This ballot was opened for revision 03 and is now closed.
(Richard Barnes) Yes
(Gonzalo Camarillo) Yes
(Spencer Dawkins) Yes
Comment (2013-05-28 for -03)
This is more for the RAI ADs than anything else (no action requested from the document authors). In 2. Security Considerations Advertising an endpoint's XMPP address over SIP could inform malicious entities about an alternative attack vector. Because the "purpose" header field parameter could be spoofed, the receiving endpoint ought to check the value against an authoritative source such as a user directory. Clients can integrity protect and encrypt this header field using end-to-end mechanisms such as S/MIME or hop- by-hop mechanisms such as TLS. We're talking about a SIP client (with an XMPP address in a SIP header field parameter), is that right? Has S/MIME gotten much deployment to date? I know we didn't even mention S/MIME in SIPconnect 1.1 (http://www.sipforum.org/component/option,com_docman/task,doc_download/gid,476/Itemid,261/)
(Jari Arkko) No Objection
(Stewart Bryant) No Objection
(Benoît Claise) No Objection
(Adrian Farrel) No Objection
(Stephen Farrell) (was Discuss) No Objection
Thanks for considering my discuss point. S.
(Brian Haberman) No Objection
(Joel Jaeggli) No Objection
Comment (2013-05-30 for -03)
no objection on the basis of the revised id that will be coming
Barry Leiba No Objection
(Ted Lemon) No Objection
(Pete Resnick) (was Discuss) No Objection
(Martin Stiemerling) No Objection
(Sean Turner) No Objection
Comment (2013-05-24 for -03)
Would there be other capabilities that you'd want to advertise? Like here's my certificate?