Re: [Sip] Another Revised agenda for SIP et IETF 64
Allison Mankin <mankin@psg.com> Thu, 03 November 2005 19:35 UTC
Received: from localhost.cnri.reston.va.us ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EXkrl-0003j5-Pl; Thu, 03 Nov 2005 14:35:17 -0500
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EXkrd-0003in-J5 for sip@megatron.ietf.org; Thu, 03 Nov 2005 14:35:16 -0500
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id OAA21682 for <sip@ietf.org>; Thu, 3 Nov 2005 14:34:46 -0500 (EST)
Message-Id: <200511031934.OAA21682@ietf.org>
Received: from psg.com ([147.28.0.62] ident=mailnull) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EXl6T-0001jV-9l for sip@ietf.org; Thu, 03 Nov 2005 14:50:30 -0500
Received: from localhost ([127.0.0.1] helo=psg.com) by psg.com with esmtp (Exim 4.52 (FreeBSD)) id 1EXkrW-00083U-UA; Thu, 03 Nov 2005 19:35:02 +0000
To: "DENG, HUI -HCHBJ" <hdeng@hitachi.cn>
Subject: Re: [Sip] Another Revised agenda for SIP et IETF 64
Date: Thu, 03 Nov 2005 11:35:02 -0800
From: Allison Mankin <mankin@psg.com>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: fb6060cb60c0cea16e3f7219e40a0a81
Cc: sip@ietf.org, Rohan Mahy <rohan@ekabal.com>, Dean Willis <dean.willis@softarmor.com>
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Sender: sip-bounces@ietf.org
Errors-To: sip-bounces@ietf.org
Hi, > > I think this is a reasonable place for the Area Director to > speak a little more. There's definitely a precedent for making room > for existing types of SIM in the IETF-structured security designs. > But why is this an issue for the SIP working group, > once SIP has come up with a basic security design that has > IETF-structured security in it? > > ==> Thanks AD here, we think reason is since HTTP AKA-Digest appears here :) Understood. The first time that we extended Digest, we did do it with a SIP WG document. It sort of booted the security design. Because the original question asked by the AKA folks was whether this should be HTTP-Digest-EAP-AKA, and there needed to be some discussion about why not EAP (that was actually mostly with the Security Area, I recall) and then some discussion to make sure that SIP Digest use was well thought through (this was in 2002, a long time ago). But when AKA folks needed to do HTTP AKA-Digest v2, this was not done as a SIP document. It was done as an independent AD-sponsored document with security review. > > In my view, the Security Area needs to review your requirements > and then your specification. I would recommend that > the document become an AD-sponsored individual submission, the > same way that Digest-AKA was. > > ==> we are not familiar with what's happened for Digest-AKA historically > > would like to understand more. See above. > > I would be happy to ask Russ Housley to adopt this work, and > ask SIP for advice to the extent any SIP issues come up. > > ==> Thanks again > > Just reading a little, there have been enough attacks on CAVE, that > though it's widely used, the tradeoff for the specification will > be to make sure it states clearly what the risks are, and it's this > stuff especially that makes it a non-SIP Informational with a > SEC AD sponsor. > > ==> I guess that here what you mean is like the Section of Security Consideration > > in RFC 3310. Yes. > > One thing I still not clear is do you mean this analysis should be done in problem > > statement or in solution. I'd probably just do one document with both the problem statement and the solution in it. > > Another thing is do you mean that solution could become non-SIP informational > > or problem statement could become non-SIP informational I'd do one Informational document that is AD sponsored, a non-SIP Informational, similar in content to draft-torvinen-http-digest-aka-v2-02.txt, which was independent and AD-sponsored, and which is about to come out as RFC 4169. Allison _______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implementors@cs.columbia.edu for questions on current sip Use sipping@ietf.org for new developments on the application of sip
- Re: [Sip] Another Revised agenda for SIP et IETF … Binfeng Yan
- Re: [Sip] Another Revised agenda for SIP et IETF … Dean Willis
- Re: [Sip] Another Revised agenda for SIP et IETF … Binfeng Yan
- Re: [Sip] Another Revised agenda for SIP et IETF … Dean Willis
- Re: [Sip] Another Revised agenda for SIP et IETF … Allison Mankin
- RE: [Sip] Another Revised agenda for SIP et IETF … DENG, HUI -HCHBJ
- RE: [Sip] Another Revised agenda for SIP et IETF … DENG, HUI -HCHBJ
- Re: [Sip] Another Revised agenda for SIP et IETF … Allison Mankin
- RE: [Sip] Another Revised agenda for SIP et IETF … DENG, HUI -HCHBJ
- RE: [Sip] Another Revised agenda for SIP et IETF … Drage, Keith (Keith)
- Re: [Sip] Another Revised agenda for SIP et IETF … Dean Willis
- Re: [Sip] Another Revised agenda for SIP et IETF … Binfeng Yan
- RE: [Sip] Another Revised agenda for SIP et IETF … Binfeng Yan