Re: Wacky thead of the month award goes to ... Re: [Sip] draft-audet-sip-sips-guidelines: Meaning of sips
Michael Thomas <mat@cisco.com> Wed, 31 May 2006 23:38 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FlaGO-0006e3-Ei; Wed, 31 May 2006 19:38:08 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FlaGM-0006dy-N0 for sip@ietf.org; Wed, 31 May 2006 19:38:06 -0400
Received: from sj-iport-5.cisco.com ([171.68.10.87]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FlaGL-000152-Cv for sip@ietf.org; Wed, 31 May 2006 19:38:06 -0400
Received: from sj-dkim-2.cisco.com ([171.71.179.186]) by sj-iport-5.cisco.com with ESMTP; 31 May 2006 16:38:05 -0700
X-IronPort-AV: i="4.05,195,1146466800"; d="scan'208"; a="286503555:sNHT34772640"
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-2.cisco.com (8.12.11/8.12.11) with ESMTP id k4VNc4iZ001383; Wed, 31 May 2006 16:38:04 -0700
Received: from imail.cisco.com (sjc12-sbr-sw3-3f5.cisco.com [172.19.96.182]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id k4VNc4CU008198; Wed, 31 May 2006 16:38:04 -0700 (PDT)
Received: from [216.102.208.11] (sjc-vpn6-510.cisco.com [10.21.121.254]) by imail.cisco.com (8.12.11/8.12.10) with ESMTP id k4VNYeFo026737; Wed, 31 May 2006 16:34:41 -0700
Message-ID: <447E28E8.7000304@cisco.com>
Date: Wed, 31 May 2006 16:38:16 -0700
From: Michael Thomas <mat@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; rv:1.7.3) Gecko/20040913 Thunderbird/0.8 Mnenhy/0.7.2.0
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Rohan Mahy <rohan.mahy@gmail.com>
Subject: Re: Wacky thead of the month award goes to ... Re: [Sip] draft-audet-sip-sips-guidelines: Meaning of sips
References: <015c01c680bf$b123a550$640fa8c0@cis.neustar.com> <447911C5.7050805@softarmor.com> <17529.15626.334110.853151@rautu.tutpro.com> <200605290322.40468.dean.willis@softarmor.com> <1148929672.17999.5.camel@niagra.pingtel.com> <758F0645-1076-44CB-8121-05C921B9B335@cisco.com> <447C45F6.60907@cisco.com> <447C5294.9010107@lucent.com> <447CCACA.10501@cisco.com> <953beacc0605311614g40618ac8n6ca6ab25069fd419@mail.gmail.com>
In-Reply-To: <953beacc0605311614g40618ac8n6ca6ab25069fd419@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Authentication-Results: sj-dkim-2.cisco.com; header.From=mat@cisco.com; dkim=pass ( sig from cisco.com verified; );
DKIM-Signature: a=rsa-sha1; q=dns; l=2824; t=1149118684; x=1149982684; c=relaxed/simple; s=sjdkim2001; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=mat@cisco.com; z=From:Michael=20Thomas=20<mat@cisco.com> |Subject:Re=3A=20Wacky=20thead=20of=20the=20month=20award=20goes=20to=20...=20Re= 3A=20[Sip]=20draft-audet-sip-sips-guidelines=3A=0A=20Meaning=20of=20sips; X=v=3Dcisco.com=3B=20h=3D5Z3eXCg7lQqehgEB9HfS2i5thd0=3D; b=CS6qkeFnp3Nhq52GPPR3fPeTkKo3MHKuzOTScKSVLI13x9TX5OkqbSwHCgslLyfhObPhJBY1 CbKAtrudiVjRjKZb6L0sR3HF/wdFgz9hGcx2tM9isFEKoDtMlZohugyn;
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0fa76816851382eb71b0a882ccdc29ac
Cc: Sip <sip@ietf.org>, "Vijay K. Gurbani" <vkg@lucent.com>
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Errors-To: sip-bounces@ietf.org
You're undoubtably right -- I've been wondering about this -- so let me say that my problem is with anything that supposedly dictates security beyond what the next hop is but cannot be verified by the would be dictator. Barring end to end security of some form, anything that purports to elevate the authenticity and/or confidentiality of the signaling is bound to be misinterpretred, and that's what sips real sin is. If this is really a BCP -- which I'm becoming convinced is the only way to reasonably sell -- not oversell -- this desire, then we should work in that direction. Signaling for security that one has no means of verifying is just plain dumb. Mike Rohan Mahy wrote: > Michael, > > You seem to have a mistaken impression that transport=tls means > something it does not/is actually useful. Unfortunately, > transport=tls only affects the next hop, it interferes with NAPTR > selection of the actual underlying transport (TCP, UDP, SCTP, DCCP), > it looks really ugly in URIs, and it is a pain in the arse to enter on > a phone keypad. > > I don't really believe the last two are a big deal, but the important > thing here is that sips: has the semantics that most folks think > transport=tls should have, but transport=tls actually does not have. > > thanks, > -rohan > > > On 5/30/06, Michael Thomas <mat@cisco.com> wrote: > >> Vijay K. Gurbani wrote: >> >> > Michael Thomas wrote: >> > >> >> My question is whether it's answer to _any_ problem. My last >> attempt at >> >> getting and answer was fruitless. What attacks do SIPS thwart in real >> >> life >> >> that honest operators and transport=tls doesn't? Real life good guy, >> >> bad guy situations would be helpful. >> > >> > >> > Sorry -- catching up after a forced, and not entirely un-welcome, >> > lull introduced by the weekend. >> > >> > Dean has pointed out one answer to this; namely, "reduces the >> > probability of an accidental downgrade by intermediate proxies >> > between the UAC and the proxy responsible for the AOR, if those >> > proxies bother to honor it." >> >> >> How does it do that? Why does this sort of behavior require an ill >> conceived protocol element when it is really a BCP in disguise? >> >> > >> > A couple more: sips provides confidentiality of traffic >> > and authentication of a proxy and registrar to a UAC. Admittedly, >> > one could do this with transport=tls, but this particular >> > construct is deprecated in rfc3261. Currently, there is no means >> > for a UAC to authenticate a registrar or a proxy; sips at the >> > very least, allows for the signaling between the UAC and a >> > registrar to be on an confidential and authenticated channel. >> >> >> So SIPS is overloaded with transport=tls; Bletch. > _______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implementors@cs.columbia.edu for questions on current sip Use sipping@ietf.org for new developments on the application of sip
- [Sip] draft-audet-sip-sips-guidelines: Meaning of… Francois Audet
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Paul Kyzivat
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Dean Willis
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Michael Thomas
- RE: [Sip] draft-audet-sip-sips-guidelines: Meanin… Francois Audet
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Paul Kyzivat
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Juha Heinanen
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Juha Heinanen
- RE: [Sip] draft-audet-sip-sips-guidelines: Meanin… Francois Audet
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Paul Kyzivat
- RE: [Sip] draft-audet-sip-sips-guidelines: Meanin… Francois Audet
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Michael Thomas
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Michael Thomas
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Paul Kyzivat
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Jonathan Rosenberg
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Michael Thomas
- RE: [Sip] draft-audet-sip-sips-guidelines: Meanin… Francois Audet
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Dean Willis
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Juha Heinanen
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Paul Kyzivat
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Dean Willis
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Dean Willis
- RE: [Sip] draft-audet-sip-sips-guidelines: Meanin… Dale R. Worley
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Vijay K. Gurbani
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Aki Niemi
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Michael Thomas
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Vijay K. Gurbani
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Paul Kyzivat
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Michael Thomas
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Dean Willis
- RE: [Sip] draft-audet-sip-sips-guidelines: Meanin… Francois Audet
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Paul Kyzivat
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Cullen Jennings
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Cullen Jennings
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Juha Heinanen
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Aki Niemi
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Dale R. Worley
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Paul Kyzivat
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Vijay K. Gurbani
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Paul Kyzivat
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Vijay K. Gurbani
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Paul Kyzivat
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Vijay K. Gurbani
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Paul Kyzivat
- RE: [Sip] draft-audet-sip-sips-guidelines: Meanin… Francois Audet
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Juha Heinanen
- RE: [Sip] draft-audet-sip-sips-guidelines: Meanin… Michael Hammer (mhammer)
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Vijay K. Gurbani
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Paul Kyzivat
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Vijay K. Gurbani
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Juha Heinanen
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Vijay K. Gurbani
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Dean Willis
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Vijay K. Gurbani
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… jbemmel
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Paul Kyzivat
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Vijay K. Gurbani
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Aki Niemi
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Aki Niemi
- RE: [Sip] draft-audet-sip-sips-guidelines: Meanin… Brian Rosen
- RE: [Sip] draft-audet-sip-sips-guidelines: Meanin… Juha Heinanen
- RE: [Sip] draft-audet-sip-sips-guidelines: Meanin… Brian Rosen
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Paul Kyzivat
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Vijay K. Gurbani
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Juha Heinanen
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Vijay K. Gurbani
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Juha Heinanen
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Joel M. Halpern
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Alan Jeffrey
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Michael Thomas
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Michael Thomas
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Vijay K. Gurbani
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Michael Thomas
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Vijay K. Gurbani
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Paul Kyzivat
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Juha Heinanen
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Michael Thomas
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Frank W. Miller
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Dean Willis
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Dean Willis
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Dean Willis
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Dean Willis
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Juha Heinanen
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Juha Heinanen
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Dean Willis
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Dale R. Worley
- Re: [Sip] draft-audet-sip-sips-guidelines: Meanin… Cullen Jennings
- Wacky thead of the month award goes to ... Re: [S… Cullen Jennings
- Re: Wacky thead of the month award goes to ... Re… Michael Thomas
- Re: Wacky thead of the month award goes to ... Re… Vijay K. Gurbani
- Re: Wacky thead of the month award goes to ... Re… Dean Willis
- RE: Wacky thead of the month award goes to ... Re… Francois Audet
- Re: Wacky thead of the month award goes to ... Re… Michael Thomas
- Re: Wacky thead of the month award goes to ... Re… Michael Thomas
- Re: Wacky thead of the month award goes to ... Re… Dean Willis
- Re: Wacky thead of the month award goes to ... Re… Juha Heinanen
- RE: Wacky thead of the month award goes to ... Re… Juha Heinanen
- transport=tls vs 3263 (was Re: Wacky thead of the… Robert Sparks
- Re: Wacky thead of the month award goes to ... Re… Paul Kyzivat
- Re: Wacky thead of the month award goes to ... Re… Paul Kyzivat
- [Sip] Options method and Authorization field Charles Abondo
- Re: Wacky thead of the month award goes to ... Re… Rohan Mahy
- Re: Wacky thead of the month award goes to ... Re… Rohan Mahy
- RE: Wacky thead of the month award goes to ... Re… Francois Audet
- RE: Wacky thead of the month award goes to ... Re… Francois Audet
- Re: Wacky thead of the month award goes to ... Re… Michael Thomas
- Re: Wacky thead of the month award goes to ... Re… Cullen Jennings
- Re: Wacky thead of the month award goes to ... Re… Cullen Jennings
- Re: Wacky thead of the month award goes to ... Re… Cullen Jennings
- Re: Wacky thead of the month award goes to ... Re… Cullen Jennings
- Re: transport=tls vs 3263 (was Re: Wacky thead of… Cullen Jennings
- Re: Wacky thead of the month award goes to ... Re… Juha Heinanen
- Re: transport=tls vs 3263 (was Re: Wacky thead of… Juha Heinanen
- Re: Wacky thead of the month award goes to ... Re… Michael Thomas
- RE: Wacky thead of the month award goes to ... Re… Francois Audet
- Re: Wacky thead of the month award goes to ... Re… Paul Kyzivat
- RE: Wacky thead of the month award goes to ... Re… Francois Audet
- Re: Wacky thead of the month award goes to ... Re… Paul Kyzivat