[SIPForum-techwg] my final set of commernts to draft v4

Horvath, Ernst ernst.horvath at siemens.com
Wed Mar 1 04:58:58 EST 2006 

Chris,

Sorry for the lateness, but a few more minor issues with the 4th draft
were just pointed out to me.

- Section 6.1, "The PBX MAY register one or more Address of Records".
Does this refer to registration using the SIP REGISTER method? If so,
the words are misleading. A UA does not register an AoR - it registers a
contact URI against an AoR.

- Section 6.2 "MUST be prepared to accept a registration". Does this
refer to the SIP REGISTER method? If so, the SP should receive a contact
URI - is it required to do anything with it?

- Section 8 "IP addresses contained within the SIP headers of
messages..." This should also apply to IP addresses contained within the
bodies of SIP messages (e.g., SDP).

- Section 9.1, bullet 2. If the PBX is a SIP proxy, the UA will need to
provide authentication credentials, which does not seem reasonable. Does
this mean the PBX must be a B2BUA? We have made this comment before, but
nothing seems to have happened.

- Section 9.1, bullet 4. This seems to relate to the interface between
Sip proxy server (on the SP side) and the SIP application server. I
believe this interface is outside the scope of this document.

- Section 9.2, "Authentication of the Service Provider by the Enterprise
is not explicitly required by this interface specification". I think
this is in contradiction to section 7, which says "SIP Proxy Servers
MUST utilize a verifiable digital certificate to secure the TLS session"
and goes on to describe how to verify it. So at least when the TLS
connection is established in the direction enterprise to SP, it would
seem that the enterprise MUST authenticate the SP. Both 7 and 9.2 are
silent on mutual authentication, so I don't know what happens when the
TLS session is established from SP to enterprise.

- Section 14.3 "the decision to utilize DTMF relay or in-band signaling
SHOULD be a user-configurable option." It is not clear why this should
be a user matter. It is more likely to be the enterprise's
administration that will wish to control this, not the user.

- Section 15.2. Mapping to/from ISUP should be outside the scope of this
specification. 


Thanks again,
Ernst
=============
Ernst Horvath
Siemens AG
=============

More information about the techwg mailing list