Re: [Sip] WGLC for auth-id body

Cullen Jennings <fluffy@cisco.com> Thu, 22 May 2003 01:47 UTC

Date: Wed, 21 May 2003 15:07:13 -0700
Subject: Re: [Sip] WGLC for auth-id body
From: Cullen Jennings <fluffy@cisco.com>
To: sip-ietf <sip@ietf.org>, Jon Peterson <jon.peterson@neustar.biz>
CC: Dean Willis <dean.willis@softarmor.com>, Gonzalo.Camarillo@ericsson.com, Rohan Mahy <rohan@cisco.com>
Message-ID: <BAF146A1.9950%fluffy@cisco.com>
In-Reply-To: <9131FA75-85A4-11D7-8E16-0003938AF740@cisco.com>

I have a concern about SIP security (I've always wanted to start an email
that way :-)

If A sends a request to B and B puts an AIB in the response, I think the
response AIB should have a To: B and not have a From: B. The reason is
fairly simple - Imagine A is an attacker and is watching some call B is
having with C. A wants to insert a message into this call flow - It knows
the Call-ID and appropriate tags and such. A can guess a CSeq that will
likely work. Now A sends a request to B with all this stuff and B sends A a
signed AIB that A can now use to send to C and impersonate B.

On the minor NITs level ...

It would be nice to add some text on tags in To and From, whether they should be
inserted or not, and whether they must match.

Use a binary transfer encoding instead of base64 in all of the examples. I
know this is a pain in the RFC but I think it is what we should use in SIP.

Point out that detached signatures SHOULD be used.

Clarify if the signature is computed over

    ---------
    Content-Type: ...
    Content-Disposition: ...

    From:...
    To:....   
    -------

Or over 

    ---------
    From:...
    To:....   
    -------

The outer SIP message in example 3 does not have a Content-Length.

I like the draft.
On 5/13/03 5:39 PM, "Rohan Mahy" <rohan@cisco.com> wrote:

> Hello Everyone,
> 
> I would like to begin Working Group Last Call on
> 
> http://www.ietf.org/internet-drafts/draft-ietf-sip-authid-body-01.txt
> 
> WGLC will end on Friday, June 13, 2003.
> 
> thanks,
> -rohan
> 

_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip
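Added example, not code from the draft or from anyone in this thread: a small Python checker that binds the fields carried in an AIB to the headers of the SIP message it arrives in, and walks through the response-reuse concern raised in the message above, comparing a response AIB that asserts the responder in To (as proposed) with one that asserts From. An HMAC stands in for the S/MIME signature; the key, identities and message text are all constructed.

```python
import hmac, hashlib

KEY = b"constructed-demo-key"   # stand-in for B's signing credential (constructed)
AIB_FIELDS = ("From", "To", "Call-ID", "CSeq", "Date")

def parse_headers(lines):
    """Map 'Name: value' lines to a dict; blank lines are ignored."""
    return dict(l.split(": ", 1) for l in lines if l)

def parse_sip(text):
    """Return (start line, header dict) of a SIP message; the body is not needed here."""
    start, *rest = text.strip().split("\r\n")
    return start, parse_headers(rest)

def make_aib(fields, key=KEY):
    """Sign only the identity-binding headers; HMAC stands in for the S/MIME signature."""
    body = "\r\n".join(f"{k}: {fields[k]}" for k in AIB_FIELDS if k in fields)
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "\r\n\r\nSignature: " + sig

def verify_aib(message, aib, key=KEY):
    """Return (accepted, reason). Every field the AIB carries must equal the same
    header of the enclosing message; following the proposal in the mail, an AIB
    in a response asserts the responder in To and must not carry a From."""
    body, sig = aib.rsplit("\r\n\r\nSignature: ", 1)
    good = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, good):
        return False, "bad signature"
    start, outer = parse_sip(message)
    inner = parse_headers(body.split("\r\n"))
    if start.startswith("SIP/2.0 ") and "From" in inner:   # status line => response
        return False, "response AIB must not assert From"
    for k, v in inner.items():
        if outer.get(k) != v:
            return False, f"{k} in AIB does not match enclosing message"
    return True, "ok"

# Constructed scenario: A sends B a request inside B's call with C, then tries to
# reuse the signed body from B's response in a request to C that claims to be from B.
DLG = "Call-ID: c1@constructed.example\r\nCSeq: 11 INFO\r\nDate: Mon, 01 Jan 2001 00:00:00 GMT"
RESPONSE = "SIP/2.0 200 OK\r\nFrom: <sip:a@constructed.example>\r\nTo: <sip:b@constructed.example>\r\n" + DLG
REPLAY = "INFO sip:c@constructed.example SIP/2.0\r\nFrom: <sip:b@constructed.example>\r\nTo: <sip:c@constructed.example>\r\n" + DLG

common = {"Call-ID": "c1@constructed.example", "CSeq": "11 INFO", "Date": "Mon, 01 Jan 2001 00:00:00 GMT"}
bound_aib = make_aib({"To": "<sip:b@constructed.example>", **common})    # responder in To, as proposed
loose_aib = make_aib({"From": "<sip:b@constructed.example>", **common})  # the form the mail objects to

def demo():
    return (verify_aib(RESPONSE, bound_aib)[0],  # True: accepted in B's own response
            verify_aib(REPLAY, bound_aib)[0],    # False: AIB binds To B, request goes To C
            verify_aib(REPLAY, loose_aib)[0])    # True: a From-asserting body survives reuse
```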