RE: [Sip] Reviewers for the sec-agree draft

"Vesa Torvinen (LMF)" <Vesa.Torvinen@lmf.ericsson.se> Tue, 21 May 2002 14:49 UTC

Message-ID: <29F33B0CF787D51195FC0002A56B3DC10101B84F@efijont103>
From: "Vesa Torvinen (LMF)" <Vesa.Torvinen@lmf.ericsson.se>
To: 'James Undery' <jundery@ubiquity.net>
Cc: "Jari Arkko (LMF)" <Jari.Arkko@lmf.ericsson.se>, "Gonzalo Camarillo Gonzalez (LMF)" <Gonzalo.Camarillo@lmf.ericsson.se>, sip <sip@ietf.org>
Subject: RE: [Sip] Reviewers for the sec-agree draft
Date: Tue, 21 May 2002 16:25:57 +0200

Text in section 3.5 is supposed to address this issue: 

"If digest-integrity is chosen, the 494 (Security Agreement Required)
response will contain an HTTP authentication challenge. The client
MUST use the qos parameter possibly together with some variant of
MIME tunneling so that the Security-Verify header field in the
request is integrity protected in the MIME body. Note that digest
alone would not fulfill the minimum security requirements of this
specification."

We didn't want to specify how to use 'digest-integrity' exactly 
because this draft is related to negotiation - not individual 
mechanisms. Neither did we want to drop the mechanism from the 
list because someone can implement it using existing standards 
(e.g. MIME, B2BUA, etc). 

Vesa 

-----Original Message-----
From: James Undery [mailto:jundery@ubiquity.net]
Sent: 21 May 2002 17:01
To: Gonzalo Camarillo; sip
Cc: Jari Arkko (LMF); Vesa Torvinen (LMF)
Subject: RE: [Sip] Reviewers for the sec-agree draft


Hi,

I'll have to admit to being guilty of not reading drafts recently. But I'd note digest-integrity needs to be dropped as it protects the body of messages only. If it can't be dropped, an lpidf-like extension would be required (http://www.jdrosen.net/papers/draft-rosenberg-impp-lpidf-00.txt) to place your headers in the body.

James

> -----Original Message-----
> From: Gonzalo Camarillo [mailto:Gonzalo.Camarillo@lmf.ericsson.se]
> Sent: 21 May 2002 11:02
> To: sip
> Cc: Allison Mankin; Jari Arkko (LMF); Vesa Torvinen (LMF)
> Subject: [Sip] Reviewers for the sec-agree draft
> 
> 
> Hello folks,
> 
> we need SIP people willing to have a look at the new version (01) of the sec-agree draft (released one week and a half ago).
> 
> http://standards.ericsson.net/gonzalo/papers/draft-ietf-sip-sec-agree-01.txt
> 
> As you probably know, the previous version (00) had some problems that were discovered during the interim meeting in Vegas. The discovery of problems (such as a broken SIP syntax) at that point of time (after the WGLC had finished) indicates that nobody in the SIP WG bothered to read the document.
> 
> I am not saying that this draft is so interesting that everyone will enjoy reading it, but we would need at least a couple of reviewers that are familiar with SIP and have the energy to review the document. We cannot let the SIP WG send documents to the IESG that have major flaws!
> 
> 
> Here you have a brief summary of the changes we introduced to the new version of the draft (01):
> 
> The syntax has been fixed. Now it is allowed to have different security mechanisms listed (separated by commas or in different lines). The previous draft used commas to separate security mechanism tokens. That made the header field non-SIP compliant.
> 
> The scope has been narrowed down. Before, the draft tried to solve every security negotiation problem that could be found in a SIP network. Now the draft only tries to resolve the security negotiation between a host and its next SIP hop (e.g., UA and the outbound proxy).
> 
> 
> The negotiation works as follows. The UA sends a SIP message (typically OPTIONS) to its outbound proxy listing its security capabilities (e.g., TLS and IPSec). The outbound proxy sends a response with its own capabilities (it is important that the list in the server is static). With this information, client and server initiate the security mechanisms (e.g., initiate a TLS connection).
> 
> When the client sends another SIP message to the outbound proxy, this time using the TLS connection, it includes a header field that contains the list obtained previously from the server. This way, the server can check whether a MitM changes the list in order to perform a bid-down attack.
> 
> Of course, this security negotiation mechanism requires that all the security mechanisms advertised provide integrity protection, at least.
> 
> Thank you,
> 
> Gonzalo
> -- 
> Gonzalo Camarillo         Phone :  +358  9 299 33 71
> Oy L M Ericsson Ab        Mobile:  +358 40 702 35 35
> Telecom R&D               Fax   :  +358  9 299 30 52
> FIN-02420 Jorvas          Email :  Gonzalo.Camarillo@ericsson.com
> Finland                   http://www.hut.fi/~gonzalo
> 

_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip
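The negotiation Gonzalo describes (client list, static server list, client echoes the server's list back over the protected channel, server rejects a mismatch with 494), as an added example that is not part of this thread or of the draft. It assumes the Security-Client/Security-Server header names and the q preference parameter from the published sec-agree specification (RFC 3329); the mechanism lists are constructed, and a missing q value counts as 0.

```python
# Constructed sample: the static list the outbound proxy always advertises.
PROXY_STATIC_LIST = "tls; q=0.2, digest; q=0.1"


def parse_mech_list(value):
    """Parse a Security-* header value such as 'tls; q=0.2, digest; q=0.1'
    into [(name, {param: val}), ...]. A list of header lines is accepted too,
    since the draft allows mechanisms on separate lines as well as comma-separated."""
    if isinstance(value, (list, tuple)):
        value = ",".join(value)
    mechs = []
    for item in value.split(","):
        parts = [p.strip() for p in item.split(";") if p.strip()]
        if not parts:
            continue
        params = {}
        for p in parts[1:]:
            key, _, val = p.partition("=")
            params[key.strip().lower()] = val.strip()
        mechs.append((parts[0].lower(), params))
    return mechs


def choose_mechanism(client_value, server_value):
    """Client side: pick the mechanism it supports that the server ranks highest
    (by the server's q value; a missing q is treated as 0 here, an assumption)."""
    server = dict(parse_mech_list(server_value))
    candidates = [(float(server[name].get("q", 0)), name)
                  for name, _ in parse_mech_list(client_value) if name in server]
    return max(candidates)[1] if candidates else None


def verify_request(security_verify_value, server_static_value):
    """Server side: the list echoed in Security-Verify over the protected channel
    must equal the static list; otherwise answer 494 Security Agreement Required."""
    def as_set(v):
        return {(n, tuple(sorted(p.items()))) for n, p in parse_mech_list(v)}
    return 200 if as_set(security_verify_value) == as_set(server_static_value) else 494


def negotiate(client_value, server_static_value, mitm_rewrite=None):
    """Run the exchange. mitm_rewrite, if given, edits the unprotected Security-Server
    value in transit, i.e. the bid-down attempt that Security-Verify exists to catch.
    Returns (mechanism the client set up, status of the client's second request)."""
    advertised = server_static_value if mitm_rewrite is None else mitm_rewrite(server_static_value)
    mechanism = choose_mechanism(client_value, advertised)
    # The second request travels over `mechanism` and echoes the list the client saw.
    return mechanism, verify_request(advertised, server_static_value)
```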