[apps-discuss] Apps-team review: draft-ietf-sipcore-sec-flows

Kurt Zeilenga <Kurt.Zeilenga@Isode.com> Wed, 15 December 2010 15:20 UTC

From: Kurt Zeilenga <Kurt.Zeilenga@Isode.com>
Date: Wed, 15 Dec 2010 07:21:39 -0800
Message-Id: <00650698-AADF-4BF1-A036-2B95AEFE6069@Isode.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>, draft-ietf-sipcore-sec-flows@tools.ietf.org
Cc: apps-discuss@ietf.org
Subject: [apps-discuss] Apps-team review: draft-ietf-sipcore-sec-flows

I have been selected as the Applications Area Review Team reviewer for this draft (for background on apps-review, please see http://www.apps.ietf.org/content/applications-area-review-team).

Please resolve these comments along with any other Last Call comments you may receive. Please wait for direction from your document shepherd or AD before posting a new version of the draft.

Document: draft-ietf-sipcore-sec-flows (rev-07 reviewed)
Title: Example call flows using Session Initiation Protocol (SIP) security mechanisms
Reviewer: Kurt Zeilenga
Review Date: 12/15/2010
IETF Last Call Date: [include if known]
IESG Telechat Date: 2011-01-20
Summary: This draft is basically ready for publication as an Informational RFC but has a few issues that should be fixed before publication.
Major Issues: None.
Minor Issues: 

I see some inconsistencies in how Distinguished Names (DNs) are presented in the RFC.

For instance (from 2.1):
   Issuer: C=US, ST=California, L=San Jose, O=sipit,
           OU=Sipit Test Certificate Authority

vs. (also from 2.1)
   DirName:/C=US/ST=California/L=San Jose/O=sipit/
           OU=Sipit Test Certificate Authority

The former kind of looks like the LDAP DN format but, if that's what was intended, the RDNs appear in the incorrect order.  Note that in the LDAP DN format, the most specific element appears first (the reverse of how they appear in the BER/DER encoding of a DN).  Also, there should be no spaces after the RDN separators (the commas).

The latter appears to be DCE format.

I would think it appropriate to use a single format for all DNs and, if one chooses to use the LDAP DN format, that values ought to be constructed per RFC 4514.  I note that Appendix A of RFC 4514 discusses presentation issues of Distinguished Names.

Nits: The usual (many acronyms are not spelled out on first use, etc.)
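The point the review raises about RDN order and separators is easy to get wrong when copying certificate dumps into a document, so here is an added example that is not part of the review or of the draft: a small Python script that takes the two presentations quoted above (the OpenSSL-style "Issuer:" line and the "DirName:" slash form, both in DER order) and renders them as one RFC 4514 string, reversing the RDN order, dropping the spaces after the commas, and escaping the characters RFC 4514 section 2.4 requires. The function and constant names are mine; the DN values are the ones quoted in the review, and the "Acme, Inc." value used to show escaping is constructed.

```python
import re
from typing import List, Tuple

# The two presentations quoted in the review (draft section 2.1), kept with their
# original line wrapping so the parsers have to cope with it.
ISSUER_SAMPLE = """Issuer: C=US, ST=California, L=San Jose, O=sipit,
           OU=Sipit Test Certificate Authority"""
DIRNAME_SAMPLE = """DirName:/C=US/ST=California/L=San Jose/O=sipit/
           OU=Sipit Test Certificate Authority"""

# RFC 4514 section 2.4: these characters must be backslash-escaped anywhere in a value.
_SPECIAL = set(',+"\\<>;')


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for the RFC 4514 string representation."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL:
            out.append('\\' + ch)
        elif ch == '\x00':                       # NUL must be hex-escaped
            out.append('\\00')
        elif ch == ' ' and (i == 0 or i == last):  # leading/trailing space
            out.append('\\ ')
        elif ch == '#' and i == 0:               # leading '#' would read as hex-encoded BER
            out.append('\\#')
        else:
            out.append(ch)
    return ''.join(out)


def _split_rdns(body: str, sep: str) -> List[Tuple[str, str]]:
    """Split 'type=value' components on sep; whitespace around components is ignored."""
    rdns = []
    for part in body.split(sep):
        part = part.strip()
        if not part:
            continue
        attr_type, value = part.split('=', 1)
        rdns.append((attr_type.strip(), value.strip()))
    return rdns


def parse_openssl_dn(text: str) -> List[Tuple[str, str]]:
    """Parse an OpenSSL one-line 'Issuer: C=US, ST=..., ...' dump (DER order).

    Note: OpenSSL's default one-line output does not escape commas inside values, so
    a value containing ',' is ambiguous here; the samples in this script have none.
    """
    flat = re.sub(r'\s+', ' ', text).strip()
    flat = re.sub(r'^(Issuer|Subject):\s*', '', flat)
    return _split_rdns(flat, ',')


def parse_dce_dn(text: str) -> List[Tuple[str, str]]:
    """Parse a slash-separated 'DirName:/C=US/ST=.../' string (DER order)."""
    flat = re.sub(r'\s+', ' ', text).strip()
    flat = re.sub(r'^DirName:\s*', '', flat)
    return _split_rdns(flat, '/')


def to_rfc4514(rdns: List[Tuple[str, str]]) -> str:
    """Render DER-ordered RDNs as an RFC 4514 string.

    RFC 4514 puts the most specific RDN first (the reverse of the DER/BER order),
    separates RDNs with a bare comma, and escapes special characters in values.
    """
    return ','.join(f'{t}={escape_rdn_value(v)}' for t, v in reversed(rdns))


if __name__ == '__main__':
    print(to_rfc4514(parse_openssl_dn(ISSUER_SAMPLE)))
    print(to_rfc4514(parse_dce_dn(DIRNAME_SAMPLE)))
    # Constructed value with a comma, to show why the escaping matters.
    print(to_rfc4514([('C', 'US'), ('O', 'Acme, Inc.')]))
```

Both quoted presentations collapse to the same RFC 4514 string, which is the consistency the review asks for; the constructed "Acme, Inc." case shows that once values are escaped, a comma inside a value can no longer be confused with an RDN separator.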