[Sip] DISCUSS on Service Route Discovery
Dean Willis <dean.willis@softarmor.com> Mon, 25 November 2002 21:45 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA27297 for <sip-archive@odin.ietf.org>; Mon, 25 Nov 2002 16:45:54 -0500 (EST)
Received: (from mailnull@localhost) by www1.ietf.org (8.11.6/8.11.6) id gAPLmCS32421 for sip-archive@odin.ietf.org; Mon, 25 Nov 2002 16:48:12 -0500
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id gAPLlVv32396; Mon, 25 Nov 2002 16:47:31 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id gAPLk0v32351 for <sip@optimus.ietf.org>; Mon, 25 Nov 2002 16:46:00 -0500
Received: from bdsl.greycouncil.com (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id QAA27232 for <sip@ietf.org>; Mon, 25 Nov 2002 16:43:10 -0500 (EST)
Received: from bdsl.greycouncil.com (bdsl.greycouncil.com [127.0.0.1]) by bdsl.greycouncil.com (8.12.5/8.12.5) with ESMTP id gAPLjrQs027941 for <sip@ietf.org>; Mon, 25 Nov 2002 15:45:53 -0600
Received: (from dwillis@localhost) by bdsl.greycouncil.com (8.12.5/8.12.5/Submit) id gAPLjrsp027939 for sip@ietf.org; Mon, 25 Nov 2002 15:45:53 -0600
X-Authentication-Warning: bdsl.greycouncil.com: dwillis set sender to dean.willis@softarmor.com using -f
From: Dean Willis <dean.willis@softarmor.com>
To: sip@ietf.org
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Message-Id: <1038260753.27269.33.camel@bdsl.greycouncil.com>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.2.0
Date: Mon, 25 Nov 2002 15:45:53 -0600
Content-Transfer-Encoding: 7bit
Subject: [Sip] DISCUSS on Service Route Discovery
Sender: sip-admin@ietf.org
Errors-To: sip-admin@ietf.org
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
The cool new ID tracker: https://datatracker.ietf.org/public/pidtracker.cgi shows that we have an IESG "Discuss" on the Service Route Discovery draft: http://www.ietf.org/internet-drafts/draft-ietf-sip-scvrtdisco-02.txt which is currently in the "IESG Evaluation" phase of IETF Last Call. The specific issues raised are: --------------- The Security Considerations section is confusing, and (I think) wrong. The first paragraph speaks of proxies modifying things. This is indeed a threat. But the end of that paragraph and the next speak of using transport security between proxies. That does nothing against this threat -- the problem occurs from misbehavior by the authorized proxy. Transport security protects against MITM attacks, not nasty endpoints. The note at the end of the second paragrap, suggesting S/MIME, is the correct answer against this threat. Transport-level security might be useful against other threats. I suspect that fixing the first sentence of Section 7 to speak of MITMs instead of proxies will clear up the confusion; the issue of misbehaving proxies can be described briefly in the second paragraph. I'm also concerned that there's no mandatory-to-implement specified (or is S/MIME support required of Registrars elsewhere?). If not, there should be some text somewhere mandating implementation of it, though (of course) not necessarily use; the current "SHOULD" language is sufficient. --------------- The first problem is that we have intermingled MITM and misbehaving proxies. This can be easily rectified, I think, as suggested in the DISCUSS. The second concern seems to be more interesting. Is it reasonable to mandate that registrars implementing the Service-Route header field also MUST implement S/MIME? This doesn't say they have to USE it, just that they must IMPLEMENT it. My personal feeling is that implementing this in a registrar is fairly straightforward, and even the key management is easy, so it "does no harm" to include as a MUST. What do you think? -- Dean Willis <dean.willis@softarmor.com> _______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implementors@cs.columbia.edu for questions on current sip Use sipping@ietf.org for new developments on the application of sip
- [Sip] DISCUSS on Service Route Discovery Dean Willis
- RE: [Sip] DISCUSS on Service Route Discovery Adam Roach
- Re: [Sip] DISCUSS on Service Route Discovery Jonathan Rosenberg
- RE: [Sip] DISCUSS on Service Route Discovery George Foti (LMC)
- RE: [Sip] DISCUSS on Service Route Discovery Drage, Keith (Keith)
- Re: [Sip] DISCUSS on Service Route Discovery Chris Martin
- RE: [Sip] DISCUSS on Service Route Discovery Peterson, Jon