Re: [secdir] SecDir review of draft-ietf-sipcore-sip-websocket-08
Yaron Sheffer <yaronf.ietf@gmail.com> Mon, 15 April 2013 15:42 UTC
Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CF4F21F941D; Mon, 15 Apr 2013 08:42:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.193
X-Spam-Level:
X-Spam-Status: No, score=-99.193 tagged_above=-999 required=5 tests=[AWL=0.650, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, MIME_8BIT_HEADER=0.3, RCVD_IN_PBL=0.905, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HgFPpzAR8mRv; Mon, 15 Apr 2013 08:42:24 -0700 (PDT)
Received: from mail-ea0-x230.google.com (mail-ea0-x230.google.com [IPv6:2a00:1450:4013:c01::230]) by ietfa.amsl.com (Postfix) with ESMTP id F402821F941A; Mon, 15 Apr 2013 08:42:22 -0700 (PDT)
Received: by mail-ea0-f176.google.com with SMTP id h10so2229975eaj.7 for <multiple recipients>; Mon, 15 Apr 2013 08:42:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:date:from:user-agent:mime-version:to:cc :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=Dh+5/o7HolePmLdoZognKVpY4l2p4tJplkVNKSasH8I=; b=WzGMPUfXcn5DPNz2xuU7c/m5fiDipjo6XnPCeMTkvY5UoZmHjJbi9TAPUHEP7eH5nd TwoEO+/YP0+fzl0lTWkxZ0Zo7xTHRLl8jXS6eMntDaz7WkaRhGA455/fWJh1GmQURFzz oJawIxshPRU3YIr0ex30J/GVyWF7pjDfDMoLIL6XZZdLCygCPEpZUE4lJ82HX5kBoFqz aWq0F8J2229fSynzKJNnbAzeBqWJtPbCbaIHvLbSxHIEmTbBExdE9DiJD71P1a6w3onT b7f1WxOcEwTzoJDVgNkqc16FELE0aYdgQZdBtg5gr96njUeiUQa5O7loSFxLvV71RA/P Bq7w==
X-Received: by 10.14.219.130 with SMTP id m2mr8188845eep.32.1366040539160; Mon, 15 Apr 2013 08:42:19 -0700 (PDT)
Received: from [10.0.0.6] ([109.65.117.169]) by mx.google.com with ESMTPS id b47sm7948470eez.2.2013.04.15.08.42.17 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 15 Apr 2013 08:42:17 -0700 (PDT)
Message-ID: <516C1FD7.2030402@gmail.com>
Date: Mon, 15 Apr 2013 18:42:15 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130329 Thunderbird/17.0.5
MIME-Version: 1.0
To: Iñaki Baz Castillo <ibc@aliax.net>
References: <5165D736.9010903@gmail.com> <CALiegfn55tepAXP2DJye6doFcd+ocY9a1oEchLLFhVo5BZf1VA@mail.gmail.com> <CALiegf=dp6veajuXNUMuVd0Re_8J-FvFiY2bqd_tzJe5uRWG=Q@mail.gmail.com> <516BBA2F.7080505@gmail.com> <CALiegfkiHxc0nCumada2kUk+dGu9o3AXCd0Gxs3MhAGnJb+UWg@mail.gmail.com> <516C1750.90505@gmail.com> <CALiegfnRmzNem9vTNnCArfyv-BnUFO6CJnmDpAK6jq8wBN80zA@mail.gmail.com>
In-Reply-To: <CALiegfnRmzNem9vTNnCArfyv-BnUFO6CJnmDpAK6jq8wBN80zA@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Cc: draft-ietf-sipcore-sip-websocket.all@tools.ietf.org, The IESG <iesg@ietf.org>, IETF Security Directorate <secdir@ietf.org>
Subject: Re: [secdir] SecDir review of draft-ietf-sipcore-sip-websocket-08
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Apr 2013 15:42:25 -0000
Authentication of incoming requests is important, but I was talking about something else: how does the client know that it is talking to the right server, e.g. when performing registration (I do hope there's a secure way to do it). Best, Yaron On 2013-04-15 18:38, Iñaki Baz Castillo wrote: > 2013/4/15 Yaron Sheffer <yaronf.ietf@gmail.com>: >> Hi again, >> >> Yes, I agree with your plan for moving forward. A few remaining comments: >> >> - Unless I missed something, you only talked about authentication of the >> client, and did not mention authentication of the server to the client. From >> the point of view of the client (and customer?) this is just as important. > > Nothing prevents a SIP WebSocket client to request authentication for > an incoming request. Is it OK if the draft also mentions it in the > appropriate section? > > > >> - Unfortunately we rarely have usable client auth with TLS. I wish we had >> something better than client certificates. In fact there are some >> implementations of RFC 5054 out there, and it would be great if you could >> accommodate them as well. > > Great. Would it be ok by mentioning such a security mechanism it in > the Security section? > > > >> - I would advise you take the draft back to the WG to have these changes >> more thoroughly reviewed. I would be more than happy to review the new >> draft, too. > > Thanks a lot. We will publish a new revision with the requested improvements. > > > > -- > Iñaki Baz Castillo > <ibc@aliax.net> >
- [secdir] SecDir review of draft-ietf-sipcore-sip-… Yaron Sheffer
- Re: [secdir] SecDir review of draft-ietf-sipcore-… Iñaki Baz Castillo
- Re: [secdir] SecDir review of draft-ietf-sipcore-… Iñaki Baz Castillo
- Re: [secdir] SecDir review of draft-ietf-sipcore-… Iñaki Baz Castillo
- Re: [secdir] SecDir review of draft-ietf-sipcore-… Yaron Sheffer
- Re: [secdir] SecDir review of draft-ietf-sipcore-… Iñaki Baz Castillo
- Re: [secdir] SecDir review of draft-ietf-sipcore-… Yaron Sheffer
- Re: [secdir] SecDir review of draft-ietf-sipcore-… Iñaki Baz Castillo
- Re: [secdir] SecDir review of draft-ietf-sipcore-… Yaron Sheffer
- Re: [secdir] SecDir review of draft-ietf-sipcore-… Iñaki Baz Castillo
- Re: [secdir] SecDir review of draft-ietf-sipcore-… Yaron Sheffer
- Re: [secdir] SecDir review of draft-ietf-sipcore-… Paul Kyzivat