RE: [Sip] sips: upgrading allowed or not
"Francois Audet" <audet@nortel.com> Wed, 28 March 2007 00:18 UTC
Return-path: <sip-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1HWLrW-0008Ig-VN; Tue, 27 Mar 2007 20:18:02 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1HWLrW-0008IZ-2H for sip@ietf.org; Tue, 27 Mar 2007 20:18:02 -0400
Received: from zcars04f.nortel.com ([47.129.242.57]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1HWLrU-00030a-H7 for sip@ietf.org; Tue, 27 Mar 2007 20:18:02 -0400
Received: from zrc2hxm0.corp.nortel.com (zrc2hxm0.corp.nortel.com [47.103.123.71]) by zcars04f.nortel.com (Switch-2.2.6/Switch-2.2.0) with ESMTP id l2S0Hud06869; Wed, 28 Mar 2007 00:17:57 GMT
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Sip] sips: upgrading allowed or not
Date: Tue, 27 Mar 2007 19:17:39 -0500
Message-ID: <1ECE0EB50388174790F9694F77522CCF0FCA3E07@zrc2hxm0.corp.nortel.com>
In-Reply-To: <026601c770cc$7695b330$800101df@acmepacket.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Sip] sips: upgrading allowed or not
Thread-Index: AcdwddKpYbqocH84S7y1P1hQuUzOjQAGRhfgAA8AURAAAHzk4A==
References: <46091EB2.6020303@cisco.com> <1ECE0EB50388174790F9694F77522CCF0FC5A439@zrc2hxm0.corp.nortel.com> <026601c770cc$7695b330$800101df@acmepacket.com>
From: Francois Audet <audet@nortel.com>
To: Hadriel Kaplan <HKaplan@acmepacket.com>, Jonathan Rosenberg <jdrosen@cisco.com>, IETF SIP List <sip@ietf.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 155726d2f5fe5eb5c40a9f079fd9e841
Cc:
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Errors-To: sip-bounces@ietf.org
I'm not sure I follow your point... If you "upgrade", you will know soon enough because things will start breaking, and you'll get customer complaints. This "breaking" part is the reason why I want to deprecate upgrades. As for the "checks", it seems to me that using SIPS as a "check" is not a good idea (at least on it's own) as it is very weak. To me, that's one of the possible topic for "Furture work in specification". I think this section on checks is misleading and it contradicts other parts of the document that explain that SIPS is not an indication that the request was indeed forwarded over TLS on each hop. If people think we need a indication of end-to-end security (of of security on each hop), then bring it in. That's what I tought people wanted to talk about in Prague... > -----Original Message----- > From: Hadriel Kaplan [mailto:HKaplan@acmepacket.com] > Sent: Tuesday, March 27, 2007 17:03 > To: Audet, Francois (SC100:3055); 'Jonathan Rosenberg'; 'IETF > SIP List' > Subject: RE: [Sip] sips: upgrading allowed or not > > I also agree upgrading should not be allowed to make life > simpler, but my concern is isn't it too late? > > I mean how many 3261-compliant boxes out there will retarget > upgrade? So if sips suddenly becomes a (more) popular thing, > how would the UAS know if the request traversed a 3261-only > proxy which upgraded, vs. traversed this newer proposal proxies only? > > It will have to do the checks no matter what, no? And the > bad scenario of sips contact can still occur. (or maybe I > missed the point) But at least if you specify NOT to do it > and why in your draft then it will help proxy makers avoid > the sips contact issue. So it still has some value. > > -hadriel > > > > -----Original Message----- > > From: Francois Audet [mailto:audet@nortel.com] > > Sent: Tuesday, March 27, 2007 3:36 PM > > To: Jonathan Rosenberg; IETF SIP List > > Subject: RE: [Sip] sips: upgrading allowed or not > > > > I agree with Jonathan's proposal. > > > > Here is a slighly different perspective on it however. I'll keep > > rethorical arguments out of it, and stick to protocol. > > > > - Disallowing re-targeting "upgrades" from SIP to SIPS by a proxy > > would be > > a normative change to RFC 3261. Section 26.4.4 describes it (3rd > > paragraph > > on p. 250). That is just an observation. > > > > - The fact that it is currently allowed means that the UAS > receiving > > the request > > has to go through some fairly esoteric logic to "guess" if the > > request was > > sent securily on each hop or not. This is described in > paragraph 4 > > of p. 250, > > and section 4.1 of draft-ietf-sip-sips-02 also describes it, with > > some modifications. > > Those procedures are extremely cludgy and non-deterministic. They > > are also misleading > > for the UAS, and inconsistent with the use of SIPS and SIP as > > described in this draft > > (i.e., for the other scenarios of forwarding and retargeting). In > > all other instances, > > the idea is that when a request is forwarded/retargeted, > the scheme > > is preserve. > > I'd really like to get rid of section 4.1. > > > > - Jonathan Peterson was proposing that the UAS inspect > the To header > > to see if > > the request was initially targeted at SIPS. This is > a subset > > of the procedures > > of 4.1/draft-ietf-sip-sips and of RFC 3261 (they add stuff > > like looking at > > Via and other fields). > > > > - This "upgrading" also forces the use of the double > Record-Route in > > section 4.2 > > of draft-ietf-sip-sips-02. Since we agreed to deprecate > the last hop > > exception > > for downgrading, the SIPS-to-SIP Record-Route scenario will be > > removed from the > > -03 version. Removing the "upgrade" scenario would also > remove the > > double > > Record-Route for the SIP-to-SIPS, and the net-net is that > the whole > > section > > 4.2 could be removed. > > > > - Because of rules described in RFC 3261, if a UAS receives an > > incoming request with a > > SIPS Request-URI, it MUST use a SIPS contact. This is a > big problem > > for the sender > > of the initial request that initiated the dialog if that > UAC did not > > support SIPS. > > If Record-Routing is not used, it will just plainly not work. The > > UAC will not be > > able to send further requests (like BYE for example). If > > Record-Route is used, it > > might work (or it might not). The reason it might not > work is that > > there is possible > > that the UAC might "choke" on the SIPS URI in the Contact > (because > > it doesn't understand > > how to parse it). > > > > - We have corrected to types of problems everywhere > else in this > > draft. There was > > quite a few of them in previous versions. This is the > only one > > remaining. > > > > - Note that it would still be possible to "upgrade" by sending SIP > > over TLS. In fact, I would > > argue that we need to put a requirement to do so when there is > > already a TLS connection > > opened with the target (as would be the case if Outbound > was used, > > and the registration was > > done over TLS). > > > > In summary, I favor deprecating the "retargeting upgrade" > scenario for > > the following reasons: > > > > - It greatly simplifies the draft, eliminating sections 4.1 and 4.2 > > completely. > > > > - It is much less confusing for the far end. > > > > - It avoids some nasty protocol level problems that "break" things. > > > > - You can still use TLS for transport for delivering to > that last hop. > > > > > -----Original Message----- > > > From: Jonathan Rosenberg [mailto:jdrosen@cisco.com] > > > Sent: Tuesday, March 27, 2007 06:40 > > > To: IETF SIP List > > > Subject: [Sip] sips: upgrading allowed or not > > > > > > During the Prague IETF, I shared some opinions on what I thought > > > sips needs to look like and why, and wanted to take these to the > > > list. > > > > > > Firstly, what is the point of sips? What does it bring a network > > > that it can't get with TLS on some hops, as needed? > > > The answer is that certain security benefits are afforded > if we can > > > assure that every single hop from UAC to UAS was TLS > protected, and > > > that furthermore, this fact can be definitively known by the UAC, > > > UAS, and all proxies along the way. If we make the > assumption that > > > the UA's trust their proxies (please don't question the > assumption > > > in this thread), then SIPS provides you some very nice security > > > properties - confidentiality and integrity from all non-trusted > > > entities. We use this property all over our specs to > secure various > > > extensions. > > > > > > Given that, sips is broken if it doesn't provide that > service (tls > > > on each hop with knowledge of such by all entities). FOr this > > > reason, I think we need to eliminate the last hop exception > > > (uncontroversial I think), but furthermore, I believe > this extends > > > to retargeting as well. > > > I think we clearly need to disallow retargeting or > downgrading from > > > a sips URI to a sip URI. I think that was also largely > > > non-controversial. > > > However, I also want to disallow upgrading or retargeting > from sip > > > to sips. On this, there was some disagreement. > > > > > > The challenge Jon gave me at the mike was this. As long as a UAC > > > inserts a sips URI into the To field and R-URI field when > it emits a > > > sips request, does not the presence of a sips URI in the > TO field, > > > and receipt over a TLS connection, assure that the request was > > > delivered over TLS at each hop? Had the request been sent > originally > > > to a sip URI and then upgraded, the TO field would not have been > > > sips, but rather sip. > > > > > > I believe Jon is correct, however I still think it is not a good > > > idea. > > > My rationale is: > > > > > > 1. if upgrades are disallowed, redirecting from sip to sips works > > > much better. Such a redirection would necesarily have to > go all the > > > way to the UAC. If we allow upgrades, a proxy in the middle could > > > recurse and upgrade. In that case, if the reason for the > redirection > > > was that the UAS *wanted* TLS on each hop, recursing in > the middle > > > would destroy that possibility. > > > > > > 2. The architectural principle behind the first issue, more > > > generally, is that the meaning of sips is *SECURE ON EACH > HOP FROM > > > UAC TO UAS*. To me, this is fundamentally at odds with > any notion of > > > upgrade or downgrade. > > > > > > 3. Things become simpler if we forbid upgrades. We can > eliminate the > > > text on double-record routing sinec a proxy would never > be sip/sips > > > converting. I think it also just generally makes overall > processing > > > easier. SIPS means one thing and one thing only and its terribly > > > clear what it means. > > > > > > As such, I stand by my argument that we should forbid upgrades. > > > > > > -JOnathan R. > > > > > > -- > > > Jonathan D. Rosenberg, Ph.D. 600 Lanidex Plaza > > > Cisco Fellow Parsippany, NJ > > > 07054-2711 > > > Cisco Systems > > > jdrosen@cisco.com FAX: > (973) 952-5050 > > > http://www.jdrosen.net PHONE: > (973) 952-5000 > > > http://www.cisco.com > > > > > > _______________________________________________ > > > Sip mailing list https://www1.ietf.org/mailman/listinfo/sip > > > This list is for NEW development of the core SIP Protocol Use > > > sip-implementors@cs.columbia.edu for questions on current sip Use > > > sipping@ietf.org for new developments on the application of sip > > > > > > > _______________________________________________ > > Sip mailing list https://www1.ietf.org/mailman/listinfo/sip > > This list is for NEW development of the core SIP Protocol Use > > sip-implementors@cs.columbia.edu for questions on current sip Use > > sipping@ietf.org for new developments on the application of sip > > _______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implementors@cs.columbia.edu for questions on current sip Use sipping@ietf.org for new developments on the application of sip
- [Sip] sips: upgrading allowed or not Jonathan Rosenberg
- Does TLS have the security benefits claimed? (was… Dean Willis
- Re: Does TLS have the security benefits claimed? … Frank W. Miller
- Re: Does TLS have the security benefits claimed? … Juha Heinanen
- RE: Does TLS have the security benefits claimed? … Samir Srivastava
- Re: Does TLS have the security benefits claimed? … Medhavi Bhatia
- Re: [Sip] sips: upgrading allowed or not Dean Willis
- RE: [Sip] sips: upgrading allowed or not Samir Srivastava
- Re: Does TLS have the security benefits claimed? … David R Oran
- RE: Does TLS have the security benefits claimed? … Francois Audet
- RE: Does TLS have the security benefits claimed? … Samir Srivastava
- RE: Does TLS have the security benefits claimed? … Francois Audet
- Re: Does TLS have the security benefits claimed? … Dean Willis
- RE: Does TLS have the security benefits claimed? … Samir Srivastava
- RE: Does TLS have the security benefits claimed? … Francois Audet
- Re: [Sip] sips: upgrading allowed or not Dean Willis
- [Sip] Securing Other URI (Tel URI) scheme Samir Srivastava
- [Sip] RE: Securing Other URI (Tel URI) scheme Sean Olson
- [Sip] RE: Securing Other URI (Tel URI) scheme Samir Srivastava
- [Sip] Re: Securing Other URI (Tel URI) scheme Dean Willis
- [Sip] RE: Securing Other URI (Tel URI) scheme Sean Olson
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Dean Willis
- Re: Does TLS have the security benefits claimed? … Frank W. Miller
- [Sip] RE: Securing Other URI (Tel URI) scheme Francois Audet
- Re: Does TLS have the security benefits claimed? … Frank W. Miller
- [Sip] RE: Securing Other URI (Tel URI) scheme Samir Srivastava
- Re: Does TLS have the security benefits claimed? … Dean Willis
- Re: Does TLS have the security benefits claimed? … Dean Willis
- RE: Does TLS have the security benefits claimed? … Samir Srivastava
- Re: Does TLS have the security benefits claimed? … Vijay K. Gurbani
- Re: Does TLS have the security benefits claimed? … Dean Willis
- RE: Does TLS have the security benefits claimed? … Brian Stucker
- Re: [Sip] sips: upgrading allowed or not Michael Thomas
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Christer Holmberg (JO/LMF)
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Francois Audet
- RE: [Sip] sips: upgrading allowed or not Hadriel Kaplan
- [Sip] Future work in specification on SIP Security Francois Audet
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Samir Srivastava
- RE: [Sip] sips: upgrading allowed or not Francois Audet
- Re: [Sip] sips: upgrading allowed or not Dean Willis
- [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- RE: [Sip] sips: upgrading allowed or not Elwell, John
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Christer Holmberg (JO/LMF)
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme EKR
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Christer Holmberg (JO/LMF)
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Vijay K. Gurbani
- RE: [Sip] sips: upgrading allowed or not Francois Audet
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Francois Audet
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Christer Holmberg (JO/LMF)
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Christer Holmberg (JO/LMF)
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Eric Rescorla
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Christer Holmberg (JO/LMF)
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Samir Srivastava
- RE: [Sip] sips: upgrading allowed or not Hadriel Kaplan
- RE: [Sip] sips: upgrading allowed or not Francois Audet
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Hadriel Kaplan
- RE: [Sip] sips: upgrading allowed or not Hadriel Kaplan
- RE: [Sip] sips: upgrading allowed or not Samir Srivastava
- [Sip] draft-srivastava-sip-e2e-ciphersuites-00 (w… Hadriel Kaplan
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Dean Willis
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Francois Audet
- [Sip] RE: draft-srivastava-sip-e2e-ciphersuites-0… Samir Srivastava
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Samir Srivastava
- Poll: Do we have sips/sip retageting in the wild … Dean Willis
- RE: Poll: Do we have sips/sip retageting in the w… Francois Audet
- RE: Poll: Do we have sips/sip retageting in the w… Samir Srivastava
- RE: Poll: Do we have sips/sip retageting in the w… Samir Srivastava
- Re: Poll: Do we have sips/sip retageting in the w… Dean Willis
- RE: Poll: Do we have sips/sip retageting in the w… Francois Audet
- RE: Poll: Do we have sips/sip retageting in the w… Samir Srivastava
- [Sip] RE: draft-srivastava-sip-e2e-ciphersuites-0… Hadriel Kaplan
- Re: Poll: Do we have sips/sip retageting in the w… Dean Willis
- Re: Poll: Do we have sips/sip retageting in the w… Dean Willis
- [Sip] SIPS Deployments ( Was Re: Poll: Do we have… Samir Srivastava
- RE: [Sip] SIPS Deployments ( Was Re: Poll: Do we … Samir Srivastava
- [Sip] "Deployments" (sips: and so on) Markus.Isomaki
- RE: [Sip] "Deployments" (sips: and so on) Steve Langstaff
- Re: [Sip] "Deployments" (sips: and so on) Vijay K. Gurbani
- Re: [Sip] "Deployments" (sips: and so on) Vijay K. Gurbani
- Re: [Sip] "Deployments" (sips: and so on) Jiri Kuthan
- RE: Poll: Do we have sips/sip retageting in the w… Francois Audet
- RE: [Sip] "Deployments" (sips: and so on) Samir Srivastava
- Re: Poll: Do we have sips/sip retageting in the w… Dean Willis
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Cullen Jennings
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Francois Audet
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Francois Audet
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Samir Srivastava
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Dean Willis
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Christer Holmberg (JO/LMF)
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Paul Kyzivat
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Christer Holmberg (JO/LMF)
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Stastny Richard
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Francois Audet
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Francois Audet
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Stastny Richard
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Francois Audet
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- RE: [Sip] Securing Other URI (Tel URI) scheme Francois Audet
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Christer Holmberg (JO/LMF)
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Francois Audet
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Francois Audet
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Dean Willis
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Samir Srivastava
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Dean Willis
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Michael Thomas
- Re: [Sip] Securing Other URI (Tel URI) scheme Scott Lawrence
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Juha Heinanen
- Re: [Sip] Securing Other URI (Tel URI) scheme Juha Heinanen
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Michael Thomas
- Re: [Sip] Securing Other URI (Tel URI) scheme Paul Kyzivat
- RE: [Sip] RE: Securing Other URI (Tel URI) scheme Christer Holmberg (JO/LMF)
- RE: [Sip] Securing Other URI (Tel URI) scheme Samir Srivastava
- Re: [Sip] Securing Other URI (Tel URI) scheme Dean Willis
- Re: [Sip] Securing Other URI (Tel URI) scheme Dean Willis
- Re: [Sip] Securing Other URI (Tel URI) scheme Paul Kyzivat
- Re: [Sip] Securing Other URI (Tel URI) scheme Michael Thomas
- Re: [Sip] Securing Other URI (Tel URI) scheme Dean Willis
- Re: [Sip] Securing Other URI (Tel URI) scheme Michael Thomas
- RE: [Sip] Securing Other URI (Tel URI) scheme Dwight, Timothy M (Tim)
- RE: [Sip] Securing Other URI (Tel URI) scheme Francois Audet
- RE: [Sip] Securing Other URI (Tel URI) scheme Dwight, Timothy M (Tim)
- RE: [Sip] Securing Other URI (Tel URI) scheme Samir Srivastava
- Re: [Sip] Securing Other URI (Tel URI) scheme Juha Heinanen
- Re: [Sip] Securing Other URI (Tel URI) scheme Dean Willis
- Re: [Sip] RE: Securing Other URI (Tel URI) scheme Scott Lawrence
- RE: Poll: Do we have sips/sip retageting in the w… Charles Eckel (eckelcu)
- RE: Poll: Do we have sips/sip retageting in the w… Samir Srivastava
- RE: Poll: Do we have sips/sip retageting in the w… Francois Audet
- RE: Poll: Do we have sips/sip retageting in the w… Charles Eckel (eckelcu)
- RE: Poll: Do we have sips/sip retageting in the w… Samir Srivastava
- Re: Poll: Do we have sips/sip retageting in the w… Cullen Jennings
- [Sip] draft-ietf-sip-sips-03: option-tag or not Francois Audet
- [Sip] RE: draft-ietf-sip-sips-03: option-tag or n… Charles Eckel (eckelcu)