Re: [Rucus] Comparison of disposable SIP URI and IPsec solutions toSPIT

"Dan Wing" <dwing@cisco.com> Thu, 20 March 2008 16:27 UTC

From: Dan Wing <dwing@cisco.com>
To: 'Pars Mutaf' <pars.mutaf@gmail.com>
Date: Thu, 20 Mar 2008 09:25:15 -0700
Cc: rucus@ietf.org

> >  That seems reasonable.  Of course, protecting your SIP
> >  signaling with (D)TLS would protect from such eavesdropping.
> 
> I am curious, why one would use Datagram TLS and not IPsec.

TLS is specified in RFC3261, and DTLS is specified in an individual
draft (draft-jennings-sip-dtls-05.txt).  RFC3261 explicitly says
that IPsec isn't described in RFC3261 (see end of page 238).  And,
due to IPsec's lack of an API to verify that traffic is protected
with IPsec, an application (such as SIP) cannot verify that its
communications are IPsec protected.

-d
