From: The IESG To: IETF-Announce Subject: Protocol Action: 'A Framework for Consent-based Communications in the Session Initiation Protocol (SIP)' to Proposed Standard Message-Id: <20080207224926.AEFF73A78AA@core3.amsl.com> Date: Thu, 7 Feb 2008 14:49:26 -0800 (PST) Cc: sip mailing list , sip chair , Internet Architecture Board , RFC Editor The IESG has approved the following document: - 'A Framework for Consent-based Communications in the Session Initiation Protocol (SIP) ' as a Proposed Standard This document is the product of the Session Initiation Protocol Working Group. The IESG contact persons are Cullen Jennings and Jon Peterson. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-sip-consent-framework-04.txt Technical summary. The Session Initiation Protocol (SIP) supports communications across many media types, including real-time audio, video, text, instant messaging, and presence. In its current form, it allows session invitations, instant messages, and other requests to be delivered from one party to another without requiring explicit consent of the recipient. Without such consent, it is possible for SIP to be used for malicious purposes, including amplification, and DoS (Denial of Service) attacks. This document identifies a framework for consent-based communications in SIP. Working group summary. There is consensus in the working group to publish this document. The document came about due to security area concerns about the need to protect against denial of service attacks and amplification attacks when various relay and uri-list mechanisms are used in SIP. Document Quality The document has been extensively reviewed and discussed by the SIP WG since 2004.