Thanks for these notes Phillip. I added some text to address your second point to the Security Considerations text. As to the first, regarding Alice and Bob, I believe the usage here is consistent with IETF practice, as misguided as that may be, and I don't think amending it would clarify anything.
Jon Peterson
Neustar, Inc.
On 11/30/19, 6:06 PM, "Phillip Hallam-Baker via Datatracker" <noreply@xxxxxxxx> wrote:
Reviewer: Phillip Hallam-Baker
Review result: Has Issues
Section 1: Introduction
"If Alice calls Bob, for example, Bob might attempt to ..."
Alice, Bob and Carol are people. People do not emit JSON strings, create
signatures or do any of the things they are described as being engaged in. Only
the machines the people might possess can do such things. Anthropomorphising
Turing machines results in language that is hard to follow at best and renders
any attempt to consider UI issues impossible.
Section 12: Security Considerations
Is this going to create new means of injecting spam? It looks like it might.
Consider the case in which Sue the spammer sets up a single genuine call
between X and Y, then creates forwarding associations for 10,000 endpoints
Z0-9999. Also consider reflection type attacks in which callers responding to
spam have their numbers harvested for spoof source addresses for further spam.
--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
