
Re: Evaluation: draft-ietf-sipping-3pcc - Best Current Practices for Third Party Call Control in the Session Initiation Protocol



                      Yes  No-Objection  Discuss  Abstain
Erik Nordmark        [   ]     [   ]     [ x ]     [   ]

I'd like to understand two things better.

In section 10 on click to dial the example shows an HTTP POST which magically
makes the controller aware of the SIP URI for the user's phone.
I'm concerned about the privacy implications if this is implemented
in a fashion that is easy to use - a single button to click - since
that presumably implies that every HTTP POST will contain the user's phone
number. The alternative - a form to fill out with the SIP URI for each
click to type - is too hard to use.

An alternative where the user receives the SIP URI of the customer service rep
and performs the call itself doesn't have this issue, but assumes that there
is VoIP in the user's computer and not a separate POTS phone.


Section 12.2 second paragraph says 
    So long as it is
   not attempting to explicitly disable these mechanisms, the protocols
   will properly operate end-to-end, resulting in a secure media session
   that even the controller cannot eavesdrop or modify.

The sentence reads as the worst case being a controller causing a denial of
service. But can't the controller trivially be a MiTM for the media session(s)
in this case?  

  Erik