Re: [dispatch] Fwd: New Version Notification for draft-johansson-dispatch-dane-sip-00.txt

Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> Thu, 02 January 2014 18:34 UTC

From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
To: "Olle E. Johansson" <oej@edvina.net>
Cc: "dispatch@ietf.org list" <dispatch@ietf.org>

Hi Olle,

> Can we improve upon MD5 digest authentication?

Take a look at the following HTTPAuth WG document:
https://datatracker.ietf.org/doc/draft-ietf-httpauth-digest/

I have been working on this for some time, with SIP in mind. This started
as an attempt to update RFC2617, and now it is a different document that
will obsolete RFC2617.
The document updates 3 aspects of RFC2617:
1. Algorithm agility: use of SHA2
2. Internationalization
3. Username hashing

I am planning on writing a document to update the digest algorithms for SIP.

Regards,
 Rifaat



On Thu, Jan 2, 2014 at 5:16 AM, Olle E. Johansson <oej@edvina.net> wrote:

> Hi!
> I have renamed my draft and resubmitted it again. Adding DNSsec/DANE
> support to SIP is not a bad idea in my point of view.
>
> If the view gets larger we might want to focus a bit more on security
> aspects of SIP in the RAI area. There are many issues to look at. Why isn't
> S/MIME deployed, how do we get more TLS - if that's what we want? Can we
> improve upon MD5 digest authentication? Do we want to fix SIP identity that
> many claim is broken? Is it possible to set up sessions with end2end
> security?
>
> Happy New Year!
>
> /O
>
>
>
> Begin forwarded message:
> >
> > A new version of I-D, draft-johansson-dispatch-dane-sip-00.txt
> > has been successfully submitted by Olle E. Johansson and posted to the
> > IETF repository.
> >
> > Name:          draft-johansson-dispatch-dane-sip
> > Revision:      00
> > Title:         TLS sessions in SIP using DNS-based Authentication of Named Entities (DANE) TLSA records
> > Document date: 2014-01-02
> > Group:         Individual Submission
> > Pages:         9
> > URL:           http://www.ietf.org/internet-drafts/draft-johansson-dispatch-dane-sip-00.txt
> > Status:        https://datatracker.ietf.org/doc/draft-johansson-dispatch-dane-sip/
> > Htmlized:      http://tools.ietf.org/html/draft-johansson-dispatch-dane-sip-00
> >
> >
> > Abstract:
> >   Use of TLS in the SIP protocol is defined in multiple documents,
> >   starting with RFC 3261.  The actual verification that happens when
> >   setting up a SIP TLS connection to a SIP server based on a SIP URI is
> >   described in detail in RFC 5922 - SIP Domain Certificates.
> >
> >   In this document, an alternative method is defined, using DNS-Based
> >   Authentication of Named Entities (DANE).  By looking up TLSA DNS
> >   records and using DNSsec protection of the required queries,
> >   including lookups for NAPTR and SRV records, a SIP Client can verify
> >   the identity of the TLS SIP server in a different way, matching on
> >   the SRV host name in the X.509 PKIX certificate instead of the SIP
> >   domain.  This provides more scalability in hosting solutions and makes
> >   it easier to use standard CA certificates (if needed at all).
> >
> >   This document updates RFC 5922.
> >
> >
>
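
The check described in the forwarded abstract, as an added example that is not part of the thread or of the draft: the TLSA owner name and the certificate name both come from the SRV target host, and DANE is used only when every lookup on the way was DNSSEC-validated. The function names, the sample host names, the placeholder certificate bytes and the fallback to the RFC 5922 domain check are assumptions of this sketch; the TLSA selector and matching-type values are those of RFC 6698.

```python
import hashlib
import hmac

# RFC 6698 matching types: 0 = exact bytes, 1 = SHA-256, 2 = SHA-512.
MATCHING = {
    0: lambda b: b,
    1: lambda b: hashlib.sha256(b).digest(),
    2: lambda b: hashlib.sha512(b).digest(),
}

def tlsa_owner(srv_target, port, proto="tcp"):
    """TLSA owner name is built from the SRV target host, not the SIP domain."""
    return f"_{port}._{proto}.{srv_target.rstrip('.').lower()}."

def tlsa_matches(rr, cert_der, spki_der):
    """rr = (usage, selector, matching_type, data) from one TLSA record."""
    usage, selector, mtype, data = rr
    if usage not in (0, 1, 2, 3) or selector not in (0, 1) or mtype not in MATCHING:
        return False  # unknown parameters make the record unusable
    selected = cert_der if selector == 0 else spki_der  # 0 = full cert, 1 = SPKI
    return hmac.compare_digest(MATCHING[mtype](selected), data)

def choose_check(sip_domain, srv_target, lookups, tlsa_rrset, cert_der, spki_der):
    """lookups: (rrtype, dnssec_secure) for every answer used to reach the server.
    Returns (decision, name the certificate must carry)."""
    if not tlsa_rrset or not all(secure for _, secure in lookups):
        # Assumption: without a fully validated chain, keep the RFC 5922 check.
        return ("rfc5922", sip_domain)
    if any(tlsa_matches(rr, cert_der, spki_der) for rr in tlsa_rrset):
        return ("dane", srv_target)
    return ("reject", None)  # secure TLSA exists but nothing matches: fail closed

# Constructed sample values (placeholder bytes, not a real certificate).
CERT = b"constructed-certificate-der"
SPKI = b"constructed-spki-der"
RRSET = [(3, 1, 1, hashlib.sha256(SPKI).digest())]
SECURE = [("NAPTR", True), ("SRV", True), ("TLSA", True)]
```

Extracting the SubjectPublicKeyInfo from a real certificate is left to an X.509 library; here it is passed in as bytes.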