[dispatch] E2E Secure Messaging for SIP/SIMPLE

Ben Campbell <ben@nostrum.com> Tue, 31 October 2017 18:49 UTC

Return-Path: <ben@nostrum.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 804A613F5BD for <dispatch@ietfa.amsl.com>; Tue, 31 Oct 2017 11:49:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.88
X-Spam-Status: No, score=-1.88 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id goISVlritqul for <dispatch@ietfa.amsl.com>; Tue, 31 Oct 2017 11:49:18 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ACF1913F4C1 for <dispatch@ietf.org>; Tue, 31 Oct 2017 11:49:18 -0700 (PDT)
Received: from [] (cpe-66-25-7-22.tx.res.rr.com []) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id v9VInGjj066705 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Tue, 31 Oct 2017 13:49:16 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [] claimed to be []
From: Ben Campbell <ben@nostrum.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_82169D06-B181-4993-A641-59EB1FEABD55"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 11.0 \(3445.1.7\))
Message-Id: <25B9F35E-BAE3-42A5-8621-5664246AE2E7@nostrum.com>
Date: Tue, 31 Oct 2017 13:47:56 -0500
Cc: Russ Housley <housley@vigilsec.com>
To: dispatch@ietf.org
X-Mailer: Apple Mail (2.3445.1.7)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/jgoDXd17Kzui3RkGaAGsMce9Mlw>
Subject: [dispatch] E2E Secure Messaging for SIP/SIMPLE
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Oct 2017 18:49:20 -0000

(strictly as an individual)

Hi everyone,

Russ and I submitted a draft [1] on the use of S/MIME for the SIP MESSAGE method and for MSRP. It mainly offers clarifications of the S/MIME guidance in RFCs 3261, 3428, and 4975, but it also makes a few updates.

The main use case we have in mind is for where organizations want to send secure notifications to their users. For example, financial organizations send transaction notices, organizations send password update notices, 2FA notices, etc. Much of that is currently done over various mobile messaging systems (SMS, etc). Most of that is done with no e2e authentication or integrity protection. We’d like to enable at least end-to-end signed messaging for SIP based mobile messaging systems.

We would appreciate it if people would take a look, and send your comments.

[1] https://tools.ietf.org/html/draft-campbell-sip-messaging-smime-00