RE: SIP as an alternative to IKE?, was: Re: [Sip] RE: TLS meaning
"Dan Wing" <dwing@cisco.com> Fri, 03 November 2006 22:42 UTC
From: Dan Wing <dwing@cisco.com>
To: 'Dean Willis' <dean.willis@softarmor.com>, 'Aki Niemi' <aki.niemi@nokia.com>
Subject: RE: SIP as an alternative to IKE?, was: Re: [Sip] RE: TLS meaning
Date: Fri, 03 Nov 2006 14:41:40 -0800
Cc: "'Joel M. Halpern'" <joel@stevecrocker.com>, 'IETF SIP List' <sip@ietf.org>

> On Nov 2, 2006, at 3:11 AM, Aki Niemi wrote:
>
> > Rants are so much fun. Another inline.
>
> Excellent rant, which could be summarized as "deprecate UDP".
> I think that's an interesting suggestion. It almost sounds like
> something I might have said myself at some time. It would also
> solve our large-responses problem, and our "oh my god my request
> is too big to send in one packet" problem, and a bazillion
> other things.
>
> It does have a bit of susceptibility to the RST DOS attack of TCP to
> think about,

If you're worried about that attack, you should be equally concerned about
a nearly-identical attack on UDP that seems apparent --
draft-jung-sipping-authentication-spit-00 discusses a solution, but as
I have posted earlier, if a UA expects all messages from its proxy
contain Authentication-Info, we may be able to solve the same problem.

> something that DTLS does not suffer from. But
> other than that and inertia I can think of no good reason to
> keep using UDP.

To be clear, DTLS does not solve the large UDP problem -- DTLS has support
for fragmentation, but only for the TLS handshake itself. We could, and
maybe should, invent some framing so that DTLS could solve that problem,
too. Adding such framing might be appropriate if/when
draft-jennings-sip-dtls-02.txt becomes a WG item.

> I'll note however that Robert reports that SIPit seems to indicate
> that most implementations are dealing with fragmented UDP just fine
> and nobody is actually noticing any problems with large packets, so
> we may be "burning a straw witch" when we worry about fragmentation.
> Personally, I'm far more worried about rampant complexity.

That conflicts with the conclusion of draft-heffner-frag-harmful-02, which
is in IETF last call.

-d
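
The asymmetry described in the reply above, shown as an added example (not part of the original message): a DTLS handshake message carries fragment_offset and fragment_length fields and can be split across datagrams, while an application-data record has only the 13-byte record header and must fit in one datagram. The 1200-byte datagram budget, the sample sizes and the function names are assumptions, and cipher overhead (MAC, padding) is ignored.

```python
import struct

RECORD_HDR = 13     # type(1) version(2) epoch(2) sequence_number(6) length(2)
HANDSHAKE_HDR = 12  # msg_type(1) length(3) message_seq(2) frag_offset(3) frag_length(3)


def fragment_handshake(msg_type, message_seq, body, max_datagram):
    """Split one handshake message into fragments that each fit one datagram."""
    room = max_datagram - RECORD_HDR - HANDSHAKE_HDR
    if room <= 0:
        raise ValueError("datagram budget too small for DTLS headers")
    frags = []
    for off in range(0, max(len(body), 1), room):
        chunk = body[off:off + room]
        hdr = (bytes([msg_type]) + len(body).to_bytes(3, "big")
               + struct.pack("!H", message_seq)
               + off.to_bytes(3, "big") + len(chunk).to_bytes(3, "big"))
        frags.append(hdr + chunk)
    return frags


def reassemble_handshake(frags):
    """Rebuild the handshake body from fragments received in any order."""
    total = int.from_bytes(frags[0][1:4], "big")
    buf, seen = bytearray(total), 0
    for f in frags:
        off = int.from_bytes(f[6:9], "big")
        length = int.from_bytes(f[9:12], "big")
        if off + length > total:
            raise ValueError("fragment exceeds declared message length")
        buf[off:off + length] = f[HANDSHAKE_HDR:HANDSHAKE_HDR + length]
        seen += length
    if seen != total:
        raise ValueError("missing or duplicated fragments")
    return bytes(buf)


def app_data_fits(payload_len, max_datagram):
    """Application-data records have no fragment fields: all or nothing."""
    return payload_len + RECORD_HDR <= max_datagram


if __name__ == "__main__":
    BUDGET = 1200                               # assumed per-datagram budget
    cert = bytes(range(256)) * 12               # constructed 3072-byte Certificate body
    frags = fragment_handshake(11, 2, cert, BUDGET)
    print(len(frags), "handshake fragments")
    print("3072-byte SIP message fits as app data:", app_data_fits(3072, BUDGET))
```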