Document: draft-jennings-sip-voicemail-uri-05.txt
Reviewer: Scott W Brim [sbrim@cisco.com]
Review Date: Friday 12/30/2005 8:06 AM CST
Telechat Date: Thursday, 5 January 2006
Summary: Ready (based on discussion and resolution of concerns with authors)

Review:
-------

This is all very cool stuff but I have a few questions. Please pardon my lack of SIP knowledge.

First, Section 4 says there is an assumption that the sender knows what target syntax is valid on the receiving system. Target syntax is apparently known with certainty when it is provided by the intended recipient e.g. in a "Moved" message. Other than that, target syntax is a local matter, right? One of the draft goals is to match expectations of ETSI and TDM systems. Do they already have some syntax defined for targets, at least for common situations? If so, and since the point of the draft is to promote common usage, shouldn't they be reproduced or referenced here?

As another possibility, have you considered having a default universal target syntax, which would be converted to the local syntax by interworking functions? That would put the problem where it belongs, at the receiver (or interworker), not the sender. If you don't need this, because target syntax is always known in all reasonable deployment cases, then maybe you could redo the first paragraph of Section 4?

Next ... Section 8.1 says:

    "Any redirection of a call to an attacker's mailbox is serious. It is trivial for an attacker to make its mailbox seem very much like the real mailbox and forward the messages to the real mailbox so that the fact that the messages have been intercepted or even tampered with escapes detection."

There seems to be a general sense that the caller A must depend on the security behavior of the callee B, and that the caller has no way to authenticate the party it finally connects to (C). I don't like security dependencies. I don't know enough about SIP to make a specific suggestion, but can't A authenticate C the same way it would authenticate B in the first place?

Finally, something smaller. The cause codes (aka redirecting reasons) are referred to as SIP "error" codes in 2.0. Is this just a slip, or are informational codes generally referred to as "error" codes in SIP drafts?

In case you decide to do another revision, there is a typo: "This was only done for formatting and is not a valid SIP messages."