Re: [Sip] Using TLS in the first hop - Bug in RFC 5630

Iñaki Baz Castillo <ibc@aliax.net> Thu, 15 September 2011 17:48 UTC

In-Reply-To: <EDC0A1AE77C57744B664A310A0B23AE220C0DC0D@FRMRSSXCHMBSC3.dc-m.alcatel-lucent.com>
References: <CALiegfkNfJ7McZAA=a5ajYVzYtmAjC_KQdK1P_ez2L1dia5v2g@mail.gmail.com> <CFFC2869-C704-423E-974D-3F4B93145BBB@edvina.net> <CALiegfnh2C3GNddnneepcVsGgtOd1pSDBVC3uH72S1KaVT_jHg@mail.gmail.com> <3EBDBBCF-C3F3-4C64-B010-4F275B0A5A96@edvina.net> <CALiegfkKSHiEWF5+Lz5FBEawNc6ST1s3+MLYeBnUJedFjxQoDw@mail.gmail.com> <40FFF683-2CA1-4436-9421-42ACC205A42C@acmepacket.com> <CALiegf=Z3qZey-+0=wqN80BjS6Jn5V8tFU_w2LtS7O5v-jXK+Q@mail.gmail.com> <9825F789-887F-44CD-BD43-C000929E5B17@acmepacket.com> <CALiegfms0=Khcc_kKiGfcO6hUcd8-nDxG16bBN_SxCatuvAejA@mail.gmail.com> <2966AE2F-BBED-4E97-A27B-6E55279ED9FF@acmepacket.com> <EDC0A1AE77C57744B664A310A0B23AE220C0DC0D@FRMRSSXCHMBSC3.dc-m.alcatel-lucent.com>
Date: Thu, 15 Sep 2011 19:50:44 +0200
Message-ID: <CALiegf=b7vB3r5dt_kA1gFa0vKu9eMiLA+JXwN0Htsuv20WSCA@mail.gmail.com>
From: Iñaki Baz Castillo <ibc@aliax.net>
To: "DRAGE, Keith (Keith)" <keith.drage@alcatel-lucent.com>
Cc: "<sip@ietf.org>" <sip@ietf.org>, "Olle E. Johansson" <oej@edvina.net>
Subject: Re: [Sip] Using TLS in the first hop - Bug in RFC 5630

2011/9/15 DRAGE, Keith (Keith) <keith.drage@alcatel-lucent.com>:
> If you know that TLS is being used on the local hop, but have absolutely no knowledge of whether it is being used anywhere else, how useful is that?

Typical case:

- Clients connected to a proxy using TLS (to secure communication in
private networks and untrusted Internet access, as most ADSLs are).
- The provider proxy uses UDP to contact the PSTN gateways of the
provider (which don't support TLS), or other SIP carriers in the
world.

This is the most common SIP scenario AFAIK, and here using SIP over
TLS between clients and their proxy is a good choice.

-- 
Iñaki Baz Castillo
<ibc@aliax.net>
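The scenario in this message (TLS only on the client-to-proxy hop, plain UDP beyond it) is exactly what the Via chain of a request exposes to whoever receives it: each element records the transport it used, so a downstream gateway can see that the originating hop was TLS while the proxy hop was UDP, but no element can see anything about hops that lie ahead of it. As an added example that is not part of the original thread, the Python below parses the Via headers of a constructed INVITE following that scenario and classifies how far TLS extended. The sample hosts, the classification labels and the function names are assumptions of this example.

```python
"""Inspect the Via chain of a SIP request to see which hops used TLS.

Added example, not code from the SIP list thread.  Via headers are
stacked hop by hop (topmost = nearest sender, bottom = originating
client), so a receiver learns the transport of every hop *behind* it
and nothing about hops *ahead* of it.  Via values are claims made by
prior hops, not proof: treat the result as a logging/diagnostic signal,
not as an authorisation decision.
"""
import re
from typing import Dict, List

# Transport token may contain a hyphen (e.g. TLS-SCTP); sent-by runs to the
# first ';' (parameters), ',' (next Via entry) or whitespace.
VIA_RE = re.compile(
    r"^SIP/2\.0/(?P<transport>[A-Za-z-]+)\s+(?P<sentby>[^;,\s]+)",
    re.IGNORECASE,
)

# Constructed INVITE as seen by the PSTN gateway in the scenario above:
# the client sent over TLS to the proxy, the proxy forwarded over UDP.
SAMPLE_INVITE = (
    "INVITE sip:+15551234567@gw.example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP proxy.example.net;branch=z9hG4bK776a\r\n"
    "Via: SIP/2.0/TLS 192.0.2.10:5061;branch=z9hG4bK12ab\r\n"
    "From: <sip:alice@example.net>;tag=1928301774\r\n"
    "To: <sip:+15551234567@gw.example.net>\r\n"
    "Call-ID: a84b4c76e66710@192.0.2.10\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)


def parse_via_hops(message: str) -> List[Dict[str, str]]:
    """Return one dict per Via entry, topmost (nearest hop) first."""
    hops: List[Dict[str, str]] = []
    headers, _, _ = message.partition("\r\n\r\n")
    for line in headers.split("\r\n"):
        name, sep, value = line.partition(":")
        # Accept both the long form and the RFC 3261 compact form 'v:'.
        if not sep or name.strip().lower() not in ("via", "v"):
            continue
        # One Via header field may carry several comma-separated entries.
        for entry in value.split(","):
            m = VIA_RE.match(entry.strip())
            if m:
                hops.append({
                    "transport": m.group("transport").upper(),
                    "sent_by": m.group("sentby"),
                })
    return hops


def classify_path(hops: List[Dict[str, str]]) -> str:
    """Summarise how far TLS extended along the hops visible so far.

    Labels are this example's own:
      tls-every-hop       every visible hop used TLS
      tls-first-hop-only  only the originating (bottom) hop used TLS
      tls-partial         some other mixture
      no-tls              no visible hop used TLS
      unknown             no Via headers at all
    """
    if not hops:
        return "unknown"
    tls = [h["transport"] == "TLS" for h in hops]
    if all(tls):
        return "tls-every-hop"
    if not any(tls):
        return "no-tls"
    if tls[-1] and not any(tls[:-1]):
        return "tls-first-hop-only"
    return "tls-partial"


def insecure_hops(hops: List[Dict[str, str]]) -> List[str]:
    """sent-by values of hops that did not use TLS, for logging or alerting."""
    return [h["sent_by"] for h in hops if h["transport"] != "TLS"]


if __name__ == "__main__":
    visible = parse_via_hops(SAMPLE_INVITE)
    for hop in visible:
        print(f"{hop['transport']:<8} {hop['sent_by']}")
    print("path:", classify_path(visible))
    print("non-TLS hops:", insecure_hops(visible))
```

Run as-is, the script reports the UDP proxy hop above the TLS client hop and labels the path `tls-first-hop-only`, which is the situation Keith's question and this reply are about: the client can verify its own hop, and only a downstream element can observe that the path was not TLS beyond the proxy.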