RE: SIP as an alternative to IKE?, was: Re: [Sip] RE: TLS meaning

"Dan Wing" <dwing@cisco.com> Fri, 03 November 2006 22:42 UTC

From: Dan Wing <dwing@cisco.com>
To: 'Dean Willis' <dean.willis@softarmor.com>, 'Aki Niemi' <aki.niemi@nokia.com>
Subject: RE: SIP as an alternative to IKE?, was: Re: [Sip] RE: TLS meaning
Date: Fri, 03 Nov 2006 14:41:40 -0800
Message-ID: <09bb01c6ff99$4dda5030$c5f0200a@amer.cisco.com>
In-Reply-To: <82865BE3-7273-42E6-AD33-EA4D17A13B9F@softarmor.com>
Cc: "'Joel M. Halpern'" <joel@stevecrocker.com>, 'IETF SIP List' <sip@ietf.org>

> On Nov 2, 2006, at 3:11 AM, Aki Niemi wrote:
> 
> > Rants are so much fun. Another inline.
> 
> Excellent rant, which could be summarized as "deprecate UDP". 
> I think that's an interesting suggestion. It almost sounds like 
> something I might have said myself at some time. It would also
> solve our large-responses problem, and our "oh my god my request 
> is too big to send in one packet" problem, and a bazillion 
> other things.
> 
> It does have a bit of susceptibility to the RST DOS attack of TCP to  
> think about,

If you're worried about that attack, you should be equally concerned
about a nearly-identical attack on UDP that seems apparent --
draft-jung-sipping-authentication-spit-00 discusses a solution, but
as I have posted earlier, if a UA expects all messages from its
proxy to contain Authentication-Info, we may be able to solve the
same problem.

> something that DTLS does not suffer from. But 
> other than that and inertia I can think of no good reason to 
> keep using UDP.

To be clear, DTLS does not solve the large UDP problem -- DTLS 
has support for fragmentation, but only for the TLS handshake 
itself.  We could, and maybe should, invent some framing 
so that DTLS could solve that problem, too.  Adding such framing
might be appropriate if/when draft-jennings-sip-dtls-02.txt 
becomes a WG item.

> I'll note however that Robert reports that SIPit seems to indicate  
> that most implementations are dealing with fragmented UDP just fine  
> and nobody is actually noticing any problems with large packets, so  
> we may be "burning a straw witch" when we worry about fragmentation.  
> Personally, I'm far more worried about rampant complexity.

That conflicts with the conclusion of 
draft-heffner-frag-harmful-02, which is in IETF last call.

-d
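As an added illustration of the Authentication-Info idea in the message above (example code, not from Dan's post or from any IETF draft): a UA-side gate that drops any message claiming to come from its proxy unless it carries a Digest rspauth (RFC 2617 section 3.2.3 mutual authentication) bound to the UA's current nonce, cnonce and nonce-count. The credentials, nonces and BYE messages are constructed, and applying the check to proxy-originated requests rather than only to responses is an assumption.

```python
import hashlib
import hmac
import re

# Constructed sample credentials: the Digest secret the UA shares with its proxy.
USER, REALM, PASSWORD = "alice", "example.com", "correct horse"

def h(s):
    return hashlib.md5(s.encode()).hexdigest()

def expected_rspauth(nonce, nc, cnonce, uri, qop="auth"):
    # RFC 2617 3.2.3: rspauth = H(HA1 ":" nonce ":" nc ":" cnonce ":" qop ":" HA2),
    # where HA2 = H(":" uri) because the method is left empty on the server side.
    ha1 = h(f"{USER}:{REALM}:{PASSWORD}")
    ha2 = h(f":{uri}")
    return h(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def parse_auth_info(msg):
    # Return the Authentication-Info parameters as a dict, or None if the header is absent.
    m = re.search(r"^Authentication-Info:\s*(.+)$", msg, re.M | re.I)
    if not m:
        return None
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', m.group(1).strip())
    return {k: quoted or unquoted for k, quoted, unquoted in pairs}

def accept_from_proxy(msg, ctx):
    """Accept msg only if its rspauth is bound to the UA's current Digest exchange (ctx);
    a message with no header, a stale cnonce/nc, or a bad rspauth is treated as spoofed."""
    info = parse_auth_info(msg)
    if info is None or info.get("cnonce") != ctx["cnonce"] or info.get("nc") != ctx["nc"]:
        return False
    want = expected_rspauth(ctx["nonce"], ctx["nc"], ctx["cnonce"], ctx["uri"], info.get("qop", "auth"))
    return hmac.compare_digest(info.get("rspauth", ""), want)

# Constructed state remembered from the UA's last authenticated request to the proxy.
CTX = {"nonce": "7c2d9f", "nc": "00000001", "cnonce": "a1b2c3", "uri": "sip:example.com"}

def _bye(auth_info_line):
    # Constructed BYE as the proxy (or an off-path forger) would send it over UDP.
    lines = ["BYE sip:alice@192.0.2.10 SIP/2.0", "Via: SIP/2.0/UDP proxy.example.com;branch=z9hG4bK776",
             "From: <sip:bob@example.com>;tag=9", "To: <sip:alice@example.com>;tag=4", "Call-ID: 1@example.com"]
    if auth_info_line:
        lines.append(auth_info_line)
    return "\r\n".join(lines + ["Content-Length: 0", "", ""])

GENUINE_BYE = _bye('Authentication-Info: qop=auth, rspauth="%s", cnonce="a1b2c3", nc=00000001'
                   % expected_rspauth("7c2d9f", "00000001", "a1b2c3", "sip:example.com"))
SPOOFED_BYE = _bye("")  # the UDP analogue of a TCP RST: a forged teardown with no proof of origin
TAMPERED_BYE = _bye('Authentication-Info: qop=auth, rspauth="0000", cnonce="a1b2c3", nc=00000001')

if __name__ == "__main__":
    for name, m in [("genuine", GENUINE_BYE), ("spoofed", SPOOFED_BYE), ("tampered", TAMPERED_BYE)]:
        print(name, "accepted" if accept_from_proxy(m, CTX) else "dropped")
```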

_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip