IETF Logo Mail Archive

RE: [Sip] draft-ietf-sip-sips-03.txt: Closing of Opened issues

"Samir Srivastava" <samirsr@nortel.com> Thu, 26 April 2007 22:07 UTC

Return-path: <sip-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HhC7g-0005yM-AJ; Thu, 26 Apr 2007 18:07:32 -0400
Received: from sip by megatron.ietf.org with local (Exim 4.43) id 1HhC7f-0005yH-Nv for sip-confirm+ok@megatron.ietf.org; Thu, 26 Apr 2007 18:07:31 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HhC7f-0005y9-EQ for sip@ietf.org; Thu, 26 Apr 2007 18:07:31 -0400
Received: from zcars04e.nortel.com ([47.129.242.56]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HhC7f-0000Hk-4Q for sip@ietf.org; Thu, 26 Apr 2007 18:07:31 -0400
Received: from zrc2hxm2.corp.nortel.com (zrc2hxm2.corp.nortel.com [47.103.123.73]) by zcars04e.nortel.com (Switch-2.2.0/Switch-2.2.0) with ESMTP id l3QM6kh08911; Thu, 26 Apr 2007 22:06:47 GMT
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Sip] draft-ietf-sip-sips-03.txt: Closing of Opened issues
Date: Thu, 26 Apr 2007 17:07:25 -0500
Message-ID: <62B9B0847CC47543B6B3B5E26BD268E6127D0348@zrc2hxm2.corp.nortel.com>
In-Reply-To: <1ECE0EB50388174790F9694F77522CCF1032AAEF@zrc2hxm0.corp.nortel.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Sip] draft-ietf-sip-sips-03.txt: Closing of Opened issues
Thread-Index: AceIRzqoq2B7P2L0SuCNVDIPe6M6VgAAJr0gAADHyyA=
From: Samir Srivastava <samirsr@nortel.com>
To: Francois Audet <audet@nortel.com>, Dean Willis <dean.willis@softarmor.com>, Juha Heinanen <jh@tutpro.com>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b5d20af10c334b36874c0264b10f59f1
Cc: sip@ietf.org
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Errors-To: sip-bounces@ietf.org

Hi,

The refernece draft mentions in the section 4 that SIPS can be used with
DTLS.

Whereas 3261 has tied SIPS to SIP over TLS.

While 3261 mentions in section 4, page 10

"An example would be sips:bob@biloxi.com.  A call
   made to a SIPS URI guarantees that secure, encrypted transport
   (namely TLS) is used to carry all SIP messages from the caller to the
   domain of the callee"

"3261/ Section 19.1 SIP and SIPS Uniform Resource Indicators"  states

"A SIPS URI specifies that the resource be contacted securely.  This
   means, in particular, that TLS is to be used between the UAC and the
   domain that owns the URI."

So my objection was with reference to 3261, which your draft attempt to
clarify what SIPS means. The above text specifically states TLS only. So
it will be better to clarify the above. And give reference to the
mentioned draft.

Also on the related note on the defintion of transport parameter of the
referenced draft
   transport         =  "UDP" / "TCP" / "TLS" / "SCTP" / "TLS-SCTP"
                        "DTLS-DCCP" / "DTLS-UDP"
                        / other-transport


Transport attempts to put DTLS-DCCP but there is no separate DCCP . And
a related question why cannot we have TLS-TCP instead of implicitly
meaning that. Is it just the backward compatibility to 3261.

I would rather have a parameter 

Secure-Protocol = TLS/DTLS/ etc 
Transport = TCP/UDP/DCCP/SCTP/ ...
Instead of clubbing them together and having all permutations .. Bad
modeling.

Now I have still my biggest burning question. If IPSEC tunnel exists
between two SIP addressable entities, we have encryption twice. What
kind of application will shape in future (I don't have idea), where they
might want to tunnel all traffic through a single IPSEC tunnel. Don't we
need some more secure awareness in the application protocol SIP.

Thx
Samir

>-----Original Message-----
>From: Audet, Francois (SC100:3055) 
>Sent: Thursday, April 26, 2007 2:29 PM
>To: Dean Willis; Juha Heinanen
>Cc: sip@ietf.org
>Subject: RE: [Sip] draft-ietf-sip-sips-03.txt: Closing of Opened issues
>
> 
>> > tell me, why is tls (instead of tcp) needed in via when uri
>> scheme is
>> > sips?  cannot tls/tcp be concluded if transport is tcp and
>> uri scheme
>> > is sips.
>> 
>> I've always wondered about this one myself. What about TLS/SCTP and 
>> DTLS, which might serve as transports for SIPS?
>
>VIA already supports SCTP, TLS-SCTP. And the draft provides 
>the references to RFC 4168 that defines it.
>
>DTLS is defined in
>http://tools.ietf.org/wg/sip/draft-jennings-sip-dtls-03.txt.
>
>On the question of "why we are using VIA in the first place?" 
>instead or replying to where the request came from, well, I 
>don't know. It wasn't me who wrote RFC 3261. This is a widely 
>known characteristic described in RFC 3581.
>
>It's completly out of scope of this draft. 
>
>
>
>
>
>
>_______________________________________________
>Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
>This list is for NEW development of the core SIP Protocol Use 
>sip-implementors@cs.columbia.edu for questions on current sip 
>Use sipping@ietf.org for new developments on the application of sip
>


_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip

v2.23.0 | Report a Bug | By Email