[apps-discuss] Apps directorate review of draft-ivov-xmpp-cusax

Ted Hardie <ted.ietf@gmail.com> Mon, 15 July 2013 16:46 UTC

Return-Path: <ted.ietf@gmail.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC5C421E80E4; Mon, 15 Jul 2013 09:46:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.283
X-Spam-Level:
X-Spam-Status: No, score=-2.283 tagged_above=-999 required=5 tests=[AWL=0.316, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LlSrkR80pNc3; Mon, 15 Jul 2013 09:46:40 -0700 (PDT)
Received: from mail-ie0-x236.google.com (mail-ie0-x236.google.com [IPv6:2607:f8b0:4001:c03::236]) by ietfa.amsl.com (Postfix) with ESMTP id 08AB221E80E2; Mon, 15 Jul 2013 09:46:39 -0700 (PDT)
Received: by mail-ie0-f182.google.com with SMTP id s9so26757188iec.27 for <multiple recipients>; Mon, 15 Jul 2013 09:46:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=xwt7JrPL/8YrlALbYJqnDwIPpk2GYUa/PuZoALhMs9M=; b=xr1ouw9rbDFInLGoRGC+dSHMDJbXvesoZ3JzX7xr86tAY3l1ZaHcFnfmN4rJP75Jl9 Lu7irm8As7uH9V6JnNIgdNBy6anlulW3b8QZEkqY3nq6oIBXuRzg2eBx1OjxixyhydV1 mfnV8NiXqCwxvHUh7MZfYYeonT211efgnpOCdMt7tzqaffIjPr58LIrcKuZ7TaBhV6jK 3g2YvHCsGorZ/JJ6w3X12pcMS62fRklxhKj6O6MrrIkvbqxsS1k22D0b8RWeWCXiGxIw 9Ri0qzvXK+lD2uBmM5TuvrckGbcD9eAjU7P4eYPfqzvL+GRjRNkhPp7YJG5Zn6Ukiq0G Yi7Q==
MIME-Version: 1.0
X-Received: by 10.50.134.9 with SMTP id pg9mr7635116igb.29.1373906798599; Mon, 15 Jul 2013 09:46:38 -0700 (PDT)
Received: by 10.42.29.202 with HTTP; Mon, 15 Jul 2013 09:46:38 -0700 (PDT)
Date: Mon, 15 Jul 2013 09:46:38 -0700
Message-ID: <CA+9kkMDZfmGyhHnUguJJxLhS6gBiPcFQ0od+e_DQHRE3CdqPzA@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
To: draft-ivov-xmpp-cusax.all@tools.ietf.org, apps-discuss@ietf.org
Content-Type: multipart/alternative; boundary="047d7b41407eaf6b0104e18f9ada"
Cc: IESG <iesg@ietf.org>
Subject: [apps-discuss] Apps directorate review of draft-ivov-xmpp-cusax
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jul 2013 16:46:40 -0000

I have been selected as the Applications Area Directorate reviewer for this
draft (for background on appsdir, please see 
http://trac.tools.ietf.org/area/app/trac/wiki/ApplicationsAreaDirectorate).

Please resolve these comments along with any other Last Call comments you
may receive. Please wait for direction from your document shepherd or AD
before posting a new version of the draft.

Document:  draft-ivov-xmpp-cusax-06

Title: CUSAX: Combined Use of the Session Initiation Protocol (SIP) and the
Extensible Messaging and Presence Protocol (XMPP)

Reviewer: Ted Hardie
Review Date: July 15th, 2013

Summary: This document is ready for publication as an Informational RFC.
Some additional text in the security considerations section (or pointers to
external text) may be useful, but is not absolutely required.

 Minor Issues:  The text in the security considerations does not seem to
consider some attacks which appear obvious in light of the discussion of
federation.  The federation example points out that the mismatch between
client capabilities may cause calls to be initiated with costs contrary to
the expectation of the end user; this could, of course, be done maliciously
as well as by accident.  A back reference to the federation section with
appropriate text (or text focusing on the attack surface) might be
appropriate.

Nits: I find the text:

    Today, in the context of the SIMPLE working group,

somewhat odd in the context of an archival document.