Re: [Sip] New I-D on RFC4474 and phone numbers
"Elwell, John" <john.elwell@siemens.com> Wed, 20 February 2008 09:24 UTC
Jonathan,

I agree with a lot of what this says. A few comments:

1. "Unfortunately, this problem is a FUNDAMENTAL PROPERTY OF PHONE NUMBERS. No specifications or efforts on the part of IETF can fix this problem. Phone numbers are fundamentally NOT scoped to a domain, and attempts to represent them in any other form are ultimately futile from an identification perspective."

But on the other hand, you can at least see what domain the request came from, and if you trust that domain, this might be of value. The particular value of the user part of the SIP URI may not be so important, in some scenarios, as the domain part. This seems to be acknowledged later when it talks about the "second model".

2. "However, in the second model, intermediate domains do not resign requests. Furthermore, UA's utilize white lists and black lists of domains that are known to be trustworthy (or not). Today, such lists do exist and are provided for email spam. One can imagine a UA contacting such a service periodically, or upon an incoming call, to verify the signing domain against the list."

Or maybe the user is expecting a call from a particular domain (e.g., his bank) or answers the call and the caller announces that he/she is from the bank. Or maybe the user has called his bank and uses connected-identity to ensure that he really is connected to his bank. These all seem to be situations akin to the second model with some practical benefit.

3. "Thus, DTLS-SRTP still provides better security than Sdescriptions. However, when used with phone numbers, it is by no means ideal. Most importantly, it does NOT provide guarantees that intermediaries have not been able to intercept and decrypt the media."

Not true. If you use DTLS-SRTP with RFC 4474 and an E.164 number in the SIP URI, it DOES provide a guarantee that intermediaries between the domain in the SIP URI and the UAS are unable to intercept and decrypt media. This seems to be of value in some situations.

John

> -----Original Message-----
> From: sip-bounces@ietf.org [mailto:sip-bounces@ietf.org] On
> Behalf Of Jonathan Rosenberg
> Sent: 18 February 2008 05:07
> To: IETF SIP List
> Subject: [Sip] New I-D on RFC4474 and phone numbers
>
> I just submitted:
> http://www.ietf.org/internet-drafts/draft-rosenberg-sip-rfc4474-concerns-00.txt
>
> This is basically a discussion on the security properties of rfc4474
> with phone numbers, and a comparison to rfc3325 in this case. Also a
> discussion on what happens to dtls-srtp.
>
> Comments welcome.
>
> -Jonathan R.
> --
> Jonathan D. Rosenberg, Ph.D.                   499 Thornall St.
> Cisco Fellow                                   Edison, NJ 08837
> Cisco, Voice Technology Group
> jdrosen@cisco.com
> http://www.jdrosen.net                         PHONE: (408) 902-3084
> http://www.cisco.com
> _______________________________________________
> Sip mailing list http://www.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol
> Use sip-implementors@cs.columbia.edu for questions on current sip
> Use sipping@ietf.org for new developments on the application of sip
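
An added example, not part of the message above or of the draft it discusses: a sketch of the "second model" check from point 2, in which a UA compares the signing domain of an RFC 4474 request with its own trusted and blocked lists. The function names, the list contents and the sample headers are hypothetical, and the signature and certificate validation are assumed to have been done by a separate verifier whose results are passed in.

```python
import re

# Constructed policy lists for the example (not from the thread).
TRUSTED_DOMAINS = {"bank.example"}
BLOCKED_DOMAINS = {"spam.example"}

SIP_URI = re.compile(r"<?sips?:(?:([^@>;]+)@)?([^>;:]+)", re.I)
# Simplified test for an E.164 number in the user part: "+" and up to 15 digits.
E164 = re.compile(r"^\+[1-9]\d{1,14}$")


def parse_from(from_header):
    """Return (user, domain) taken from the SIP URI in a From header value."""
    m = SIP_URI.search(from_header)
    if not m:
        raise ValueError("no SIP URI in From header")
    return m.group(1) or "", m.group(2).lower()


def assess_caller(from_header, signing_domain, signature_valid):
    """Return (decision, detail) for an incoming signed request.

    signing_domain and signature_valid are assumed to come from an
    RFC 4474 verifier that already validated the certificate and signature.
    """
    user, domain = parse_from(from_header)
    if not signature_valid:
        return "reject", "signature did not verify"
    if signing_domain.lower() != domain:
        return "reject", "signer is not the From domain"
    if domain in BLOCKED_DOMAINS:
        return "reject", "domain is blocked"
    # With a phone number in the user part, the signature tells the
    # callee which domain sent the request, not who owns the number.
    scope = "domain only" if E164.match(user) else "user and domain"
    if domain in TRUSTED_DOMAINS:
        return "accept", scope
    return "ask-user", scope
```
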