The IESG has approved the following document: - 'Correct transaction handling for 2xx responses to Session Initiation Protocol (SIP) INVITE requests ' <draft-ietf-sipcore-invfix-01.txt> as a Proposed Standard This document is the product of the Session Initiation Protocol Core Working Group. The IESG contact persons are Gonzalo Camarillo and Robert Sparks. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-sipcore-invfix-01.txt Technical Summary This document normatively updates RFC 3261, the Session Initiation Protocol (SIP), to address an error in the specified handling of certain types of transactions. It also modifies response processing under certain circumstances to address an identified security risk. Working Group Summary The mechanism in this document has good support from those working group members who participated in its discussion. Document Quality The document received significant review and comment in 2007 and 2008, when it was part of the SIP working group. By May of 2009, almost a quarter of the SIP implementations at the SIPit 24 interoperability testing event had incorporated the changes documented by this draft. The issue fixed by this document was first reported by Pekka Pessi. Early in the development of the correction documented in this work, Brett Tate identified an important and necessary modification to the proposed correction, which had significant impact on the resulting state maching. Personnel The document shepherd is Adam Roach. The responsible AD is Gonzalo Camarillo. RFC Editor Note: Section 3 paragraph 2: OLD: This requirement applies to both proxies and user agents (proxies forward the response upstream, the transaction layer at user agents forward the response to its "UA (User-Agent) core"). NEW: This requirement applies to both UAs (User Agents) and proxies (proxies forward the response upstream, the transaction layer at user agents forward the response to its "UA core"). In the IANA Considerations section add: IANA is requested to update the SIP Parameters: Method and Response Codes registry as follows: OLD: Methods Reference ------- --------- INVITE [RFC3261] NEW: Methods Reference ------- --------- INVITE [RFC3261][RFC-ietf-sipcore-invfix-01] In the Security Considerations section: OLD: However, this additional state is necessary to achieve correct operation. NEW: However, this additional state is necessary to achieve correct operation. There is some discussion of avoiding state exhaustion and other Denial-of-Service attacks in RFC 3261 section 26.3.2.4. Last paragraph of section 10 first sentence: s/possible/possibly/ Please replace "invfix" in header on pages 2 and forward with "Correct Handling for SIP 2xx responses" _______________________________________________ IETF-Announce mailing list IETF-Announce@ietf.org https://www.ietf.org/mailman/listinfo/ietf-announce
