Reviewer: Spencer Dawkins
Review Date: 2007-11-28
IETF LC End Date: 2007-12-10
IESG Telechat date: (not known)
Summary: This document is on the right track for publication as a Proposed
Standard, but some open issues remain (see comments).
I have a lot of comments, but most are about the document, not about the
I have substantive comments (s/Spencer:/), plus comments about clarity and
nits that are not part of the Gen-ART review, but are included for editor
My biggest concern is about the interaction of "replying to all other
recipients" with forking proxies located downstream (maybe this isn't a
problem, and if it is, it may not be a big one, but I'd like to see some
discussion about it - there's not any that I could find).
There's a lot more text about requests than about one-to-many responses -
responses aren't included in the terminology section at all, for example.
Are the parts of the spec that covers responses as baked as the parts that
I have some fairly dramatic (but not complex) suggestions about document
structure (for example, move the 2119 language in the introduction to its
own section, located somewhere after the 2119 boilerplate.
This document specifies a mechanism that allows a SIP User Agent
Client (UAC) to request a SIP URI-list (Uniform Resource Identifier
list) service to send a SIP MESSAGE request to a set of destinations.
Spencer (clarity): this sentence is correct but doesn't parse well for me.
Suggest "This document specifies a mechanism that allows a SIP User Agent
Client (UAC) to send a SIP MESSAGE request to a set of destinations, by
using a SIP URI-list (Uniform Resource Identifier list) service."
Spencer: would the name "SIP URI-list exploder service" more clearly match
similar functionality in e-mail, etc.?
The client sends a SIP MESSAGE request that includes the payload
along with the URI-list to the MESSAGE URI-list service, which sends
a similar MESSAGE request to each of the URIs included in the list.
Spencer (clarity): "similar" isn't precise - the document later defines
"similar" as "contains a copy of the body included in the original MESSAGE
request", so maybe s/similar/copy of the body included in the original
MESSGAGE request/ here, and maybe even dropping "similar" later in the
RFC 3261 (SIP) [RFC3261] is extended by RFC 3428 [RFC3428] to carry
Spencer (clarity): I appreciate your clues on RFC references ("SIP"), and
suggest that you provide "(SIP extension for instant messaging)" for RFC
3428 (even *I* remember what 3261 is, but was guessing at 3428 until I
instant messages in MESSAGE requests. One of the aspects of MESSAGE
requests according to RFC 3428 [RFC3428] is the lack of support for
Spencer (clarity): this text confuses me (it seems to say that 3428
explicitly says there's no support for this, but I can't find that anywhere
in 3428 - the closest thing is in the second paragraph of section 2, which
is describing the generic pager model, not MESSAGE). Suggest replacing with
"SIP-based messaging, as described in RFC 3428, does not provide a mechanism
to send the same request to multiple recipients, or replying to all
recipients of a SIP MESSAGE request. This memo addresses these functions".
sending the same request to multiple recipients and replying to all
recipients of a SIP MESSAGE request. This memo addresses these
Spencer: I am surprised to see requirements expressed using 2119 language in
the Introduction (and before the 2119 boilerplate, which is in the
Terminology section). My suggestion is to move the rest of this section to a
new section, following Terminology.
A first requirement can be expressed as:
REQ-1: It MUST be possible for a user to send an instant message
request to an ad-hoc group, where the identities of the recipients
are carried in the message itself.
One possibility to fulfill the above requirement is to establish a
session of instant messages with an instant messaging conference
Spencer: should this have an informative reference to RFC 4975? and maybe
say "MSRP session" explicitly? unless you are talking about something
server. While this option seems to be reasonable in many cases, in
other situations the sending user just wants to send a small page-
mode instant message to an ad-hoc group without the burden of setting
up a session. This document focuses on sending a page-mode instant
message to a number of intended recipients.
A second requirement addresses the "Reply-to-All" functionality:
REQ-2: It MUST be possible for the recipient of a group instant
message to send a message to all other participants that received
the same group instant message (i.e., Reply-To-All).
Spencer: RFC 3428 explicitly allows proxies to fork MESSAGE requests (in
section 6) and normal proxy processing applies (you get one response back
from the proxy, even if there were multiple successful deliveries). Will
this mechanism meet this requirement, even if there are forking proxies
downstream from the URI-list service? (I don't see the word "fork" in this
document at all - should I be worried?)
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in BCP 14, RFC 2119
[RFC2119] and indicate requirement levels for compliant
MESSAGE URI-list service: SIP application service that receives a
Spencer (nit): it would be nice to be consistent between "SIP URI-list
service", "MESSAGE URI-list service", and any other variants you find... are
these all the same thing, in this document?
Spencer: should there be some reference to the respond-to-all functionality
in this definition?
MESSAGE request with a URI-list and sends a similar MESSAGE
request to each URI in the list. In this context, similar
indicates that some SIP header fields can change, but the MESSAGE
URI-list service will not change the instant message payload.
MESSAGE URI-list services behave effectively as specialised B2BUAs
Spencer (clarity): this is a useful hint - perhaps it could be stated
explicitly in the early parts of the document (Abstract, Introduction)?
(Back-To-Back-User-Agents). A server providing MESSAGE URI-list
services can also offer URI-list services for other methods,
although this functionality is outside the scope of this document.
In this document we only discuss MESSAGE URI-list services.
A UAC creates a MESSAGE request that contains a multipart body
including a list of URIs (intended recipients) and an instant
message. The list of URIs is formatted according to the XML Formats
Spencer (nit): this text would be easier to read if you either put quotes
around document titles or just used the references with no titles
("according to [RFC4826]"). Your choice.
for Representing Resource List [RFC4826] and extended with the
attributes defined in the XML Format Extension for Representing Copy
Control Attributes in Resource Lists
[I-D.ietf-sipping-capacity-attribute]. The UAC sends this MESSAGE
request to the MESSAGE URI-list service. On reception of this
incoming MESSAGE request, the MESSAGE URI-list service creates a
MESSAGE request per intended recipient (listed in the URI-list) and
copies the instant message payload to each of those MESSAGES. The
MESSAGE URI-list service also manipulates the XML resource list
according to the procedures indicated in the XML Format Extension for
Representing Copy Control Attributes in Resource Lists
[I-D.ietf-sipping-capacity-attribute], and attaches the result to
each of the MESSAGE requests, along with the instant message payload.
Then the MESSAGE URI-list service sends each of the created outgoing
MESSAGE request to the respective receiver.
4. URI-List document
As described in the XML Format Extension for Representing Copy
Control Attributes in Resource Lists
[I-D.ietf-sipping-capacity-attribute], each URI can be tagged with a
'copyControl' attribute set to either "to", "cc", or "bcc",
indicating the role in which the recipient will get the MESSAGE
request. Additionally, URIs can be tagged with the 'anonymize'
attribute to prevent that the MESSAGE URI-list server discloses the
target URI in a URI-list.
Spencer (clarity): the previous text largely restates what's in the Overview
section, with some additional detail, but not a lot. Could it be one place
or the other?
Nevertheless, the XML Formats for Representing Resource Lists
Spencer (nit): I don't get "Nevertheless" here. Is it needed?
[RFC4826] document provides features, such as hierarchical lists and
the ability to include entries by reference relative to the XCAP root
URI, that are not needed by the MESSAGE URI-list service defined in
this document, which only needs to transfer a flat list of URIs
between a UA (User Agent) and the MESSAGE URI-list server.
Spencer: I'm confused here. Are you telling people they don't need to
implement parts of the specification? ([RFC4826] is a Proposed Standard -
what happens if a UAC DOES send a URI-list with a hierarchy?) Maybe this is
explained sufficiently at the end of Section 6, but at the very least,
there's duplicated text between this paragraph and section 6.
6. Procedures at the User Agent Client
Typically, the MESSAGE URI-list service will copy all the significant
header fields in the outgoing MESSAGE request. However, there might
be cases where the SIP UA wants the MESSAGE URI-list service to add a
particular header field with a particular value, even if the header
field wasn't present in the MESSAGE request sent by the UAC. In this
case, the UAC MAY use the "?" mechanism described in Section 19.1.1
of RFC 3261 [RFC3261] to encode extra information in any URI in the
list. However, the UAC MUST NOT use the special "body" hname (see
Section 19.1.1 of RFC 3261 [RFC3261]) to encode a body, since the
body is present in the MESSAGE request itself.
Spencer: is it clear what response is returned to a UAC that does use the
The XML Format for Representing Resource Lists [RFC4826] document
provides features, such as hierarchical lists and the ability to
include entries by reference relative to the XCAP root URI. However,
these features are not needed by the multiple MESSAGE URI-List
service defined in this document.Therefore, when using the default
resource list document, UAs SHOULD use flat lists (i.e., no
hierarchical lists) and SHOULD NOT use <entry-ref> elements.
Spencer: see previous concerns about similar text above, but now I'm
wondering why this is SHOULD/SHOULD NOT - I'd be less concerned if it was
7.1. Determining the intended recipient
Section 4.1 of the Framework and Security Considerations for SIP URI-
Spencer (nit): In addition to my previous suggestion about quoting document
titles, etc. I would also love to see the document titles omitted when the
same document is referenced twice in two consecutive sentences :-) - just
"[ref]" would be sufficient.
List Services [I-D.ietf-sipping-uri-services] discusses cases when
duplicated URIs are found in a URI-list. In order to avoid
duplicated requests, MESSAGE URI-list services MUST take those
actions specified in Framework and Security Considerations for SIP
URI-List Services [I-D.ietf-sipping-uri-services] into account to
avoid sending duplicated request to the same recipient.
7.2. Creating an outgoing MESSAGE request
Failing to copy the From header field of the sender would
prevent the recipient to get a hint of the sender's identity.
Note also that this requirement does not intend to contradict
requirements for additional services running on the same
physical node. Specifically, a privacy service (see RFC 3323
[RFC3323]) can be co-located with the MESSAGE URI-list service,
in which case, the privacy service has precedence over the
Spencer: does "has precedence over" mean "is invoked before"? If not, I'm
not sure what it does mean.
MESSAGE URI-list service.
7.3. Composing bodies in the outgoing MESSAGE request
When creating the body of each of the outgoing MESSAGE requests, the
MESSAGE URI-list service tries to keep the relevant bodies of the
Spencer: "tries to keep"? something like "keeps, except for the following
incoming MESSAGE request and copies them to the outgoing MESSAGE
request. The following guidelines are provided:
o If a MESSAGE URI-list service includes a URI-list in an outgoing
MESSAGE request, it SHOULD use S/MIME (RFC 3851) [RFC3851] to
encrypt the URI-list with the public key of the receiver.
Spencer: I note that this is an S/MIME SHOULD in 2007... mumble.
Ietf mailing list