Re: [dispatch] Fwd: New Version Notification for draft-johansson-dispatch-dane-sip-00.txt
Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> Thu, 02 January 2014 18:34 UTC
Return-Path: <rifaat.ietf@gmail.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13E141AD0EA for <dispatch@ietfa.amsl.com>; Thu, 2 Jan 2014 10:34:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i__9hSKWgBRF for <dispatch@ietfa.amsl.com>; Thu, 2 Jan 2014 10:34:48 -0800 (PST)
Received: from mail-ee0-x22e.google.com (mail-ee0-x22e.google.com [IPv6:2a00:1450:4013:c00::22e]) by ietfa.amsl.com (Postfix) with ESMTP id D022A1ACC8B for <dispatch@ietf.org>; Thu, 2 Jan 2014 10:34:47 -0800 (PST)
Received: by mail-ee0-f46.google.com with SMTP id d49so6362929eek.19 for <dispatch@ietf.org>; Thu, 02 Jan 2014 10:34:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=+dfHLXryvp3ybgLhGAtiAf+L8XyojOitQQmqn0mkvts=; b=BgzIVCu7c91cVsWliMammDGRHqUCmG8Y7SW6Jt8cnZTvTU2TbRnolCCLJGRVtsumvJ 3VCsCkBiDbnAs11zdzNrtUQgZWly2+xSXi7cMBNUDYhgybLQnzfFuFzzqgC3no4IgYmg 2yICvxqXis1bPrQJ2KD8IZTpcnp3x+qjv2xCWFYSy0OfJB7MgrsjUhfzlhWZw1QDubTM NH83w4zckxYabADFVERrbhPEU1sAPX+hFQWnrSqc7v4xRitgLVLJ+ccbnhtyV1inExiM zJfW0X7DYw1hQN7nixK5Pb2za5h2JWl64MntnOaeobF/d0xhO4EXj2eJiZzbc2b9diKT KNgA==
MIME-Version: 1.0
X-Received: by 10.15.34.197 with SMTP id e45mr17016195eev.61.1388687680366; Thu, 02 Jan 2014 10:34:40 -0800 (PST)
Received: by 10.14.53.78 with HTTP; Thu, 2 Jan 2014 10:34:40 -0800 (PST)
In-Reply-To: <0BA14051-5C7F-4416-8CD2-413347D540D3@edvina.net>
References: <20140102101042.27427.64547.idtracker@ietfa.amsl.com> <0BA14051-5C7F-4416-8CD2-413347D540D3@edvina.net>
Date: Thu, 02 Jan 2014 13:34:40 -0500
Message-ID: <CAGL6epLG7DwzBJFpQ=-9mLf9S8f5JLkiCFWu-yrLsWmaRy+x7Q@mail.gmail.com>
From: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
To: "Olle E. Johansson" <oej@edvina.net>
Content-Type: multipart/alternative; boundary="089e016353cae46b0f04ef010bd9"
Cc: "dispatch@ietf.org list" <dispatch@ietf.org>
Subject: Re: [dispatch] Fwd: New Version Notification for draft-johansson-dispatch-dane-sip-00.txt
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jan 2014 18:34:51 -0000
Hi Olle, >Can we improve upon MD5 digest authentication? Take a look at the following HTTPAuth WG document: https://datatracker.ietf.org/doc/draft-ietf-httpauth-digest/ I have been working on this for some time, with SIP in mind. This started as an attempt to update RFC2617, and now it is a different document that will obsolete RFC2617. The document updates 3 aspects of RFC2617: 1. Algorithms agility: use of SHA2 2. Internationalization 3. Username hashing I am planning on writing a document to update the digest algorithms for SIP. Regards, Rifaat On Thu, Jan 2, 2014 at 5:16 AM, Olle E. Johansson <oej@edvina.net> wrote: > Hi! > I have renamed my draft and resubmitted it again. Adding DNSsec/DANE > support to SIP is not a bad idea in my point of view. > > If the view gets larger we might want to focus a bit more on security > aspects of SIP in the RAI area. There are many issues to look at. Why isn't > S/MIME deployed, how do we get more TLS - if that's what we want? Can we > improve upon MD5 digest authentication? Do we want to fix SIP identity that > many claim is broken? Is it possible to set up sessions with end2end > security? > > Happy New Year! > > /O > > > > Begin forwarded message: > > > > A new version of I-D, draft-johansson-dispatch-dane-sip-00.txt > > has been successfully submitted by Olle E. Johansson and posted to the > > IETF repository. > > > > Name: draft-johansson-dispatch-dane-sip > > Revision: 00 > > Title: TLS sessions in SIP using DNS-based Authentication > of Named Entities (DANE) TLSA records > > Document date: 2014-01-02 > > Group: Individual Submission > > Pages: 9 > > URL: > http://www.ietf.org/internet-drafts/draft-johansson-dispatch-dane-sip-00.txt > > Status: > https://datatracker.ietf.org/doc/draft-johansson-dispatch-dane-sip/ > > Htmlized: > http://tools.ietf.org/html/draft-johansson-dispatch-dane-sip-00 > > > > > > Abstract: > > Use of TLS in the SIP protocol is defined in multiple documents, > > starting with RFC 3261. The actual verification that happens when > > setting up a SIP TLS connection to a SIP server based on a SIP URI is > > described in detail in RFC 5922 - SIP Domain Certificates. > > > > In this document, an alternative method is defined, using DNS-Based > > Authentication of Named Entities (DANE). By looking up TLSA DNS > > records and using DNSsec protection of the required queries, > > including lookups for NAPTR and SRV records, a SIP Client can verify > > the identity of the TLS SIP server in a different way, matching on > > the SRV host name in the X.509 PKIX certificate instead of the SIP > > domain. This provides more scalability in hosting solutions and make > > it easier to use standard CA certificates (if needed at all). > > > > This document updates RFC 5922. > > > > > > _______________________________________________ > dispatch mailing list > dispatch@ietf.org > https://www.ietf.org/mailman/listinfo/dispatch >
- [dispatch] Fwd: New Version Notification for draf… Olle E. Johansson
- Re: [dispatch] Fwd: New Version Notification for … Rifaat Shekh-Yusef
- Re: [dispatch] Fwd: New Version Notification for … Olle E. Johansson
- Re: [dispatch] Fwd: New Version Notification for … Paul Kyzivat
- Re: [dispatch] New Version Notification for draft… Olle E. Johansson
- Re: [dispatch] New Version Notification for draft… Iñaki Baz Castillo
- Re: [dispatch] New Version Notification for draft… Iñaki Baz Castillo
- Re: [dispatch] New Version Notification for draft… Paul Kyzivat
- Re: [dispatch] New Version Notification for draft… Olle E. Johansson
- Re: [dispatch] New Version Notification for draft… Olle E. Johansson
- Re: [dispatch] New Version Notification for draft… Iñaki Baz Castillo
- Re: [dispatch] New Version Notification for draft… Olle E. Johansson
- Re: [dispatch] New Version Notification for draft… Iñaki Baz Castillo
- Re: [dispatch] New Version Notification for draft… Olle E. Johansson
- Re: [dispatch] New Version Notification for draft… Rifaat Shekh-Yusef
- Re: [dispatch] New Version Notification for draft… Paul Kyzivat
- [dispatch] New SIP digest algorithm … Re: New Ver… Cullen Jennings (fluffy)
- Re: [dispatch] New SIP digest algorithm … Re: New… Paul Kyzivat
- Re: [dispatch] New SIP digest algorithm … Re: New… Rifaat Shekh-Yusef
- Re: [dispatch] New Version Notification for draft… Olle E. Johansson