Re: [dispatch] E2E Secure Messaging for SIP/SIMPLE

Christer Holmberg <> Mon, 06 November 2017 15:21 UTC

From: Christer Holmberg <>
To: Ben Campbell <>, "" <>
CC: Russ Housley <>
List-Id: DISPATCH Working Group Mail List <>


A few initial comments:


The text says:

"This document discusses the use of S/MIME with SIP based messaging."

However, the document also covers MSRP, and I don't know if that counts as
"SIP based". Perhaps it would be better to explicitly say "SIP based
messaging and MSRP", "SIP- and MSRP based messaging", or something?


While section 4 describes the applicability of S/MIME, I think it would be
good to mention in section 1 and/or 3 exactly what encryption you are
talking about (i.e., encryption of bodies/content).


Section 3 says:

"encryption across a session of messages"

What does that mean?




On 31/10/17 20:47, "dispatch on behalf of Ben Campbell" wrote:

>(strictly as an individual)
>Hi everyone,
>Russ and I submitted a draft [1] on the use of S/MIME for the SIP MESSAGE
>method and for MSRP. It mainly offers clarifications of the S/MIME
>guidance in RFCs 3261, 3428, and 4975, but it also makes a few updates.
>The main use case we have in mind is for where organizations want to send
>secure notifications to their users. For example, financial organizations
>send transaction notices, organizations send password update notices, 2FA
>notices, etc. Much of that is currently done over various mobile
>messaging systems (SMS, etc). Most of that is done with no e2e
>authentication or integrity protection. We'd like to enable at least
>end-to-end signed messaging for SIP based mobile messaging systems.
>We would appreciate it if people would take a look, and send your