Re: [Sip] draft-ietf-sip-sec-agree-04.txt

Gonzalo Camarillo <Gonzalo.Camarillo@lmf.ericsson.se> Thu, 18 July 2002 12:31 UTC

Message-ID: <3D355D31.48DC554B@lmf.ericsson.se>
Date: Wed, 17 Jul 2002 15:04:01 +0300
From: Gonzalo Camarillo <Gonzalo.Camarillo@lmf.ericsson.se>
To: AC Mahendran <mahendra@qualcomm.com>
CC: sip@ietf.org, jari.arkko@lmf.ericsson.se, vesa.torvinen@lmf.ericsson.se
Subject: Re: [Sip] draft-ietf-sip-sec-agree-04.txt
References: <5.1.0.14.2.20020711143204.02656460@clea.qualcomm.com>

Hello,

In the particular example you are referring to, the server did not need
to include any header in the response in order to establish the chosen
security. However, in the general case, the server will choose which
information it should include in the response based on the
security-client header.

Modifying the security-client header can of course be used for a DoS
attack, but keep in mind that what we are trying to avoid is a bid-down
attack.

Regards,

Gonzalo

AC Mahendran wrote:
> 
> I have a question regarding the purpose of the "Security-Client" field. Based
> on the description, it looks like this field is not used by the server in
> any way. Can someone explain the purpose of this field?
> 
> thanks,
> AC
> 
> Ps: In the "Server Initiated" (Section 3.4.2) procedures, this field is not
> used. By the same reasoning, this field should not be applicable to the
> "Client Initiated" procedures as well.
> 
> At 12:33 PM 7/7/2002 -0400, Internet-Drafts@ietf.org wrote:
> >A New Internet-Draft is available from the on-line Internet-Drafts
> >directories.
> >This draft is a work item of the Session Initiation Protocol Working Group
> >of the IETF.
> >
> >         Title           : Security Mechanism Agreement for SIP Sessions
> >         Author(s)       : J. Arkko et al.
> >         Filename        : draft-ietf-sip-sec-agree-04.txt
> >         Pages           : 17
> >         Date            : 05-Jul-02
> >
> >SIP has a number of security mechanisms. Some of them have been built
> >in to the SIP protocol, such as HTTP authentication or secure
> >attachments. These mechanisms have even alternative algorithms and
> >parameters. SIP does not currently provide any mechanism for
> >selecting which security mechanisms to use between two entities. In
> >particular, even if some mechanisms such as OPTIONS were used to make
> >this selection, the selection would be vulnerable against the
> >Bidding-Down attack. This document defines three header fields for
> >negotiating the security mechanisms within SIP between a SIP entity
> >and its next SIP hop. A SIP entity applying this mechanism must
> >always require some minimum security (i.e. integrity protection) from
> >all communicating parties in order to secure the negotiation, but the
> >negotiation can agree on which specific minimum security is used.
> >
> >A URL for this Internet-Draft is:
> >http://www.ietf.org/internet-drafts/draft-ietf-sip-sec-agree-04.txt
> >
> 
> _______________________________________________
> Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol
> Use sip-implementors@cs.columbia.edu for questions on current sip
> Use sipping@ietf.org for new developments on the application of sip

-- 
Gonzalo Camarillo         Phone :  +358  9 299 33 71
Oy L M Ericsson Ab        Mobile:  +358 40 702 35 35
Telecom R&D               Fax   :  +358  9 299 30 52
FIN-02420 Jorvas          Email :  Gonzalo.Camarillo@ericsson.com
Finland                   http://www.hut.fi/~gonzalo


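Added illustration of the negotiation the draft describes; this is not code from the draft, its authors or this thread. The Security-Client / Security-Server / Security-Verify header names and the 494 response are those of the draft as published in RFC 3329; the ranking rule (by the server's q-values) and both mechanism lists are assumptions constructed here. It shows why editing the server's list on the path is caught, while the client's own list only ever decides what the server offers.

```python
from typing import List, Optional, Tuple

# Header names and the 494 status come from the draft (published as RFC 3329);
# both mechanism lists below are constructed for this illustration.
CLIENT_LIST = "digest;q=0.1, ipsec-ike;q=0.5, tls;q=0.9"
SERVER_LIST = "digest;q=0.1, tls;q=0.8"

def parse_mechs(value: str) -> List[Tuple[str, float]]:
    """'digest;q=0.1, tls;q=0.8' -> [('digest', 0.1), ('tls', 0.8)]."""
    out = []
    for item in value.split(","):
        parts = [p.strip() for p in item.split(";")]
        q = 0.0
        for p in parts[1:]:
            if p.startswith("q="):
                q = float(p[2:])
        out.append((parts[0], q))
    return out

def client_choose(own: str, security_server: str) -> Optional[str]:
    """Client side: pick the common mechanism with the highest q in the server's
    list (ranking by the server's q-values is this example's assumption).
    None means nothing in common, i.e. the negotiation simply fails."""
    supported = {m for m, _ in parse_mechs(own)}
    common = [(q, m) for m, q in parse_mechs(security_server) if m in supported]
    return max(common)[1] if common else None

def server_verify(sent: str, security_verify: str) -> int:
    """Server side: Security-Verify must repeat the Security-Server list the
    server sent in its 494. A difference means the list was rewritten on the
    path (a bid-down attempt), so the server answers 494 again rather than
    accepting the request under the weaker mechanism."""
    return 200 if parse_mechs(sent) == parse_mechs(security_verify) else 494

def negotiate(on_path_edit: Optional[str] = None) -> Tuple[Optional[str], int]:
    """Run both sides; on_path_edit is the Security-Server value the client
    actually receives when the list was altered in transit."""
    seen_by_client = SERVER_LIST if on_path_edit is None else on_path_edit
    chosen = client_choose(CLIENT_LIST, seen_by_client)
    # The client echoes exactly what it saw, so the server can compare it with
    # what it really sent: the downgrade is detected even though 'digest' was
    # the best the client could pick from the altered list.
    status = server_verify(SERVER_LIST, seen_by_client)
    return chosen, status

if __name__ == "__main__":
    print(negotiate())                # ('tls', 200)
    print(negotiate("digest;q=0.1"))  # ('digest', 494)
```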