Re: [Sip] Using TLS in the first hop - Bug in RFC 5630
"Horvath, Ernst" <ernst.horvath@siemens-enterprise.com> Thu, 15 September 2011 13:56 UTC
From: "Horvath, Ernst" <ernst.horvath@siemens-enterprise.com>
To: Iñaki Baz Castillo <ibc@aliax.net>
Date: Thu, 15 Sep 2011 15:58:59 +0200
Cc: "sip@ietf.org" <sip@ietf.org>
Subject: Re: [Sip] Using TLS in the first hop - Bug in RFC 5630
Comment at the end...

> -----Original Message-----
> From: sip-bounces@ietf.org [mailto:sip-bounces@ietf.org] On Behalf Of Iñaki Baz Castillo
> Sent: Thursday, 15 September 2011 15:39
> To: Olle E. Johansson
> Cc: sip@ietf.org
> Subject: Re: [Sip] Using TLS in the first hop - Bug in RFC 5630
>
> 2011/9/15 Olle E. Johansson <oej@edvina.net>:
>
> >> As a personal comment, I would like to say that nobody understands the
> >> usage of "sips" schema, just nobody. And the specs do not help.
> >>
> > With the deprecation of "transport=tls" it becomes even more strange.
>
> AFAIK "transport=tls" has never been deprecated. Instead, it has never
> been a standard. Note for example that RFC 3261 says:
>
>    Note that in the SIPS URI scheme, transport is independent of TLS,
>    and thus "sips:alice@atlanta.com;transport=tcp" and
>    "sips:alice@atlanta.com;transport=sctp" are both valid (although
>    note that UDP is not a valid transport for SIPS). The use of
>    "transport=tls" has consequently been deprecated, partly because
>    it was specific to a single hop of the request. This is a change
>    since RFC 2543.
>
> "A change since RFC 2543"?? transport=tls has never been defined in
> RFC 2543. Check yourself:
>
> http://tools.ietf.org/html/rfc2543
>
>
> > We should really spend some time on a "hitch hikers guide to SIP with TLS"
> > and write an RFC to reinstate transport=tls, which is what we all use.
>
> Or spend some time in a new draft that *correctly* explains how to use
> TLS in the first hop (without requiring security in the whole path).
> This is *very* easy:
>
> As I've explained in my first mail:
>
> INVITE sip:bob@biloxi.com SIP/2.0
> Via: SIP/2.0/TLS 1.2.3.4
> From: sip:alice@atlanta.com
> Contact: sips:alice@1.2.3.4;transport=tcp
>
> That's all. Just:
> - Set TLS in Via transport.
> - Use "sip" schema in every URI.
> - But use "sips" schema in Contact URI.
>
> And it works.

It may work for the 1st request.
But in a subsequent mid-dialog request in the reverse direction the contact URI becomes the Request-URI, which is now SIPS, and therefore the Contact in this request must also become SIPS, and you end up in an all-SIPS case.

Ernst Horvath

>
>
> --
> Iñaki Baz Castillo
> <ibc@aliax.net>
> _______________________________________________
> Sip mailing list https://www.ietf.org/mailman/listinfo/sip
> This list is essentially closed and only used for finishing old business.
> Use sip-implementors@cs.columbia.edu for questions on how to develop a SIP implementation.
> Use dispatch@ietf.org for new developments on the application of sip.
> Use sipcore@ietf.org for issues related to maintenance of the core SIP specifications.
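The cascade Ernst describes, as an added Python sketch that is not code from the thread: it replays the INVITE from the quoted mail, then a reverse-direction mid-dialog request, tracking only the URI schemes. It assumes the RFC 3261 rules that the remote target is the peer's Contact when no proxy Record-Routes (section 12.2.1.1) and that a sips Request-URI requires a sips Contact (section 8.1.1.8); Bob's address and the choice of a re-INVITE are constructed.

```python
import re
from dataclasses import dataclass

# Added example, not code from the thread. It tracks only URI schemes through
# one dialog under two rules assumed from RFC 3261: with no Record-Route the
# remote target is the peer's Contact (12.2.1.1), and a sips Request-URI
# requires a sips Contact (8.1.1.8). Alice's address is the thread's sample.
SCHEME_RE = re.compile(r"^(sips?):")

def scheme(uri: str) -> str:
    """Return 'sip' or 'sips' for a SIP URI."""
    m = SCHEME_RE.match(uri)
    if not m:
        raise ValueError(f"not a SIP URI: {uri!r}")
    return m.group(1)

def to_sips(uri: str) -> str:
    """Rewrite a sip: URI as sips:; a sips: URI is returned unchanged."""
    return "sips:" + uri.split(":", 1)[1]

@dataclass
class Request:
    method: str
    request_uri: str    # where this request is sent
    via_transport: str  # hop-by-hop transport in the top Via, e.g. "TLS"
    contact: str        # where the peer will send its in-dialog requests

def contact_rule_ok(req: Request) -> bool:
    """RFC 3261 8.1.1.8: a sips Request-URI needs a sips Contact."""
    return scheme(req.request_uri) != "sips" or scheme(req.contact) == "sips"

def in_dialog_request(method: str, remote_target: str, own_contact: str) -> Request:
    """Mid-dialog request toward the peer's Contact; Contact upgraded to sips when the rule forces it."""
    if scheme(remote_target) == "sips":
        own_contact = to_sips(own_contact)
    return Request(method, remote_target, "TLS", own_contact)

def cascade() -> list:
    """Replay the quoted recipe, then the reverse-direction request Ernst describes.
    Returns (method, Request-URI scheme, Contact scheme) per request."""
    invite = Request("INVITE", "sip:bob@biloxi.com", "TLS", "sips:alice@1.2.3.4;transport=tcp")
    bob_contact = "sip:bob@5.6.7.8"  # constructed: Bob would prefer plain sip
    # Bob's re-INVITE (a target-refresh request) goes to Alice's Contact,
    # which is sips, so his own Contact must become sips as well.
    bob_reinvite = in_dialog_request("INVITE", invite.contact, bob_contact)
    # Alice's next request now targets Bob's sips Contact: an all-sips dialog.
    alice_bye = in_dialog_request("BYE", bob_reinvite.contact, invite.contact)
    return [(r.method, scheme(r.request_uri), scheme(r.contact)) for r in (invite, bob_reinvite, alice_bye)]
```

Once a Request-URI is sips, RFC 5630 requires TLS on every hop up to the target domain, which is exactly the whole-path requirement the quoted recipe was trying to avoid.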