IETF Logo Mail Archive

RE: [Sip] RE: Question to Identity draft

"Francois Audet" <audet@nortel.com> Thu, 07 April 2005 21:30 UTC

Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA10437 for <sip-web-archive@ietf.org>; Thu, 7 Apr 2005 17:30:34 -0400 (EDT)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DJeiq-0003dB-FZ for sip-web-archive@ietf.org; Thu, 07 Apr 2005 17:39:33 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DJeYb-00047T-NR; Thu, 07 Apr 2005 17:28:57 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DJeYY-000462-Na for sip@megatron.ietf.org; Thu, 07 Apr 2005 17:28:54 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id RAA10293 for <sip@ietf.org>; Thu, 7 Apr 2005 17:28:51 -0400 (EDT)
Received: from zrtps0kn.nortelnetworks.com ([47.140.192.55]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1DJeh6-0003X6-NN for sip@ietf.org; Thu, 07 Apr 2005 17:37:50 -0400
Received: from zrtpd0jn.us.nortel.com (zrtpd0jn.us.nortel.com [47.140.202.35]) by zrtps0kn.nortelnetworks.com (Switch-2.2.6/Switch-2.2.0) with ESMTP id j37LSSi20453; Thu, 7 Apr 2005 17:28:28 -0400 (EDT)
Received: by zrtpd0jn.us.nortel.com with Internet Mail Service (5.5.2653.19) id <2KL1RQYX>; Thu, 7 Apr 2005 17:28:28 -0400
Message-ID: <1ECE0EB50388174790F9694F77522CCF01E39357@zrc2hxm0.corp.nortel.com>
From: Francois Audet <audet@nortel.com>
To: "'Peterson, Jon'" <jon.peterson@neustar.biz>, 'Fries Steffen' <steffen.fries@siemens.com>, "'fluffy@cisco.com'" <fluffy@cisco.com>
Subject: RE: [Sip] RE: Question to Identity draft
Date: Thu, 07 Apr 2005 17:28:12 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
X-Spam-Score: 0.8 (/)
X-Scan-Signature: 025f8c5000216988bfe31585db759250
Cc: 'IETF SIP List' <sip@ietf.org>
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0546302129=="
Sender: sip-bounces@ietf.org
Errors-To: sip-bounces@ietf.org
X-Spam-Score: 0.8 (/)
X-Scan-Signature: dd887a8966a4c4c217a52303814d0b5f

Hi Jon,

Your draft peterson-sipping-retarget-00 describes very well the 
issues at hand.

I don't view the use of INVITE as a "fetch". To me the SUBSCRIBE mechanism
is the fetch mechanism, and it should definitively be used whenever it 
is possible. There is a very strong incentive to use SUBSCRIBE to fetch the
certificates of the "people you know" because it will result in session
setup
in ONE round-trip (which will not be the case when there is a failure, as
with 
unanticipated respondents).

What I am saying is that there are a lot of cases where the 
SUBSCRIBE mechanism will NOT work, but where you may still have a need for 
either/both Identity and/or Privacy (encryption). We absolutely need to 
acknowlege that this will happen (and it will happen a lot).

I've listed a few cases where SUBSCRIBE won't work. It boils down to cases 
where the responder is unpredictable which is extremly common.

Going through the specifics of the retarging-draft regarding identity:

- To me the logical choice for the connected party information would be
  to use the far-end certificate (especially if we need to do encryption
  as well). It fact, it seems to be the only choice as, as you point out,
  it is impossible to enforce a rule that prohibits proxies from 
  retargeting in a domain it is not responsible for.

- It seems to me that it would solve the unanticipated respondent problem 
  (2.2.1). The sender of the request would have many choices, depending
  of the application, on what to do before sending a request:

  - In the case of sending a request that does NOT include an encrypted 
    body, the sender needs to decide if there is any information that is
    sensitive before it sends the request. For example, if it is a SIP
    INVITE, it may decide that it will NOT send an SDP body (because it
    doesn't want to advertize the information to anybody) in the INVITE
    (which means it is doing delayed offer/answer. That particular mechanism
    has some advantage, including avoiding a re-negotiation later on (what
you
    call the fetch). There are some cases where this makes sense.

  - In most cases, I would say that you would use encryption (S/MIME) to
    send the body. This means that there is no unanticipated respondent
    problem because the unintendent respondent won't be able to decrypt
    the body in the first place. Perhaps, we should highly recommend
    this approach (as opposed to "depopulate the message" as above.

  - Again, if for specific requests, it only makes sense to reach a specific
    recipient (e.g., MESSAGE), you still have the option to rely strictly on
    SUBSCRIBE. To me the real important use case where SUBSCRIBE is not 
    enought is INVITEs (and more importantly, for sRTP).

  It is important to acknowledge in advance that there is no way for the
  sender to know in advance that there will be an unanticipated responder.
  Even if a SUBSCRIBE was successful earlier, it may still be retargeted.

- In section 2.3, you talk about using 493. Personally, I would think that
  a 3XX code (possibly a new one) would be more appropriate. In case of
  forking for example, it is more likely that the forking proxy would
redirect
  than a 4XX code which would be very likely to be dropped. You talk about a
  potential problem that the new INVITE could still be routed to a different
  users (just like SUBSCRIBE). Why not use a URI that specifically refers to
  a specific user as a Contact (perhaps a GRUU)? This essentially transforms
  a retargeting into a redirection, which solves a lot of issues (the To:
  would of course remain as per the original INVITE).

- The second to last paragraph of 2.3 says that "This whole class of failure
  would be preventable if Alice were able to guess who would eventually
receive
  her request." I would say that it is quite unrealistic to think that this
  is feasible all the time. There are countless examples where this is not
  possible, and where you would still want to know (1) who responds, and (2)
you
  may still want to do encryption.

- In section 2.4 you talk about consent of the UAC. You are right: this is
  absolutely crucial. My take is that the UAC could clear the session.
  I would say that would be appropriate for INVITEs for example (keep in
mind
  that normally, the receiver wouldn't understand the SDP if it is not 
  authorized, so no harm is done). I would agree that you probably don't
want 
  to do this for MESSAGE. We could also do some sort of precondition if
  we really have to.

- Section 5 is where I was a little puzzled... The way I read the document,
  I was convinced the conclusion would be to use a "Connected party"
approach, but
  instead it suggests that the entities doing the retargeting would have to
  do some new procedures. I think this is not enforceable. Even if it was
enforceable,
  it would be increadibly complicated when multiple retargeting occur. I'd
much rather 
  rely on the certificate of the responder, and let the sender decide how to
proceed.

This would also allow for supporting sRTP to unanticipated respondents.

Note: I will point out that MIKEY allows for this today because the
certificates
      can be included in the MIKEY message. Not so for SDESC. If we "pop up
2 levels" 
      the certificates to the SIP level (instead of inside MIKEY inside SDP
in SIP), then
      we could have a solution that would work for both mechanisms, allowing
a UAC to
      advertize support for both mechanism. You could use S/MIME with both
mechanisms.

> -----Original Message-----
> From: Peterson, Jon [mailto:jon.peterson@neustar.biz] 
> Sent: Wednesday, April 06, 2005 12:39
> To: Audet, Francois [SC100:9T51:EXCH]; Fries Steffen; fluffy@cisco.com
> Cc: IETF SIP List
> Subject: RE: [Sip] RE: Question to Identity draft
> 
> 
> 
> I agree that the problems you describe below are all 
> retargeting problems. The retargeting draft 
> (peterson-sipping-retarget-00 Section 2.3) notes that this 
> problem applies to the RFC3261 INVITE-like certificate 
> exchange mechanism. All in all, though, I'm pretty sure that 
> these sorts of problems are more tractable in a 
> SUBSCRIBE-like model for certificate acquisition than they 
> are in an INVITE-like model for certificate acquisition.

[rest trimmed]

_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip

v2.23.0 | Report a Bug | By Email