Re: [sipcore] Security Issue

Samir Srivastava <> Wed, 08 December 2010 18:13 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 496143A6866 for <>; Wed, 8 Dec 2010 10:13:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.473
X-Spam-Status: No, score=-3.473 tagged_above=-999 required=5 tests=[AWL=0.125, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id yJpyo3zBjqFm for <>; Wed, 8 Dec 2010 10:13:42 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 0D9213A6961 for <>; Wed, 8 Dec 2010 10:13:41 -0800 (PST)
Received: by ywk9 with SMTP id 9so911813ywk.31 for <>; Wed, 08 Dec 2010 10:15:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type; bh=tuXsAE7tmf5d4nUT5lIHx2sKuHHWg1ORpXRYfmkM+J0=; b=MzHFGrko5f/hQDPeIawow9XAX5Z3ZKMUPiqZO4iLOw+dTai8KdUsHjsYwMZnBojb95 DA7Tx7sPlZ1MJ7FPR4AyieTpio/LHqU9h4c5WrF7ixxmofC5jJ+HaptDhKgzvahfi2JV Jh2v4qs2HSj4RPXguntAToTaBPQUjoKrI2Pmk=
DomainKey-Signature: a=rsa-sha1; c=nofws;; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=GSMiPsuwZTxNge5Dv9IuLVWXtUbaEC63m++4RCfgw7kMrIX7ztctm+EwG8QAAtfDxY lY5TCgK4vj611Nzq1IKJE1zLxxPeVOlTla8fNAmn13A/shjvbnCokqZFd5eoFh7d1z4g NK0Di1HxKze9ZwZOPx/WQ5YplmODORQAgrDSY=
MIME-Version: 1.0
Received: by with SMTP id y6mr9419969ibu.99.1291832109055; Wed, 08 Dec 2010 10:15:09 -0800 (PST)
Received: by with HTTP; Wed, 8 Dec 2010 10:15:09 -0800 (PST)
In-Reply-To: <>
References: <> <>
Date: Wed, 8 Dec 2010 10:15:09 -0800
Message-ID: <>
From: Samir Srivastava <>
To: Paul Kyzivat <>
Content-Type: multipart/alternative; boundary=0016e64c2a1af840c20496ea19b0
Subject: Re: [sipcore] Security Issue
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Core Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 08 Dec 2010 18:13:43 -0000


  Paul, you will be getting two copies, as I didn't include sipcore in
earlier email.

  This is with reference to ciphersuite draft long time back. When we were
discussing the issues with SIPS vs Proxy-Require/ Require etc within SIP
group (which I see as concluded group now). I am getting back to active
within IETF SIP activities.

  I want to know what we had decided for the below Or these issues are still

1) Securing messages with different URI schemes such as im:, pres:, tel:

2) I see SIPS as standard now, how did we decide for feature control case,
e.,g. Presence information sent over the secure channel and it is
distributed over the unsecure channel to the watchers.

3) Degradation of cipher-suites if group with security advisor agreed

4) Security with other Secure Protocol. Such as double enryption due to TLS
and IPSEC tunnel.between two SIP addressable end points.

  The answers to above will help me in deciding to bring the next version of
cipher-suite draft to the community,


On Wed, Dec 8, 2010 at 7:51 AM, Paul Kyzivat <> wrote:

> IIUC you posted earier to sip-implementors, not sipcore.
> If your issues are simply implementation concerns, it would be best to
> continue your discussion there.
> If you think your issues are deficiencies or errors in the specs, then this
> is probably the right place. If so, please repost here the details you are
> concerned with.
> (I seem to recall some message(s) on the subjects you mention, but not any
> details. I get too much mail to monitor and respond more than sporadically
> and opportunistically to sip-implementors.)
>        Thanks,
>        Paul
> On 12/8/2010 3:25 AM, Samir Srivastava wrote:
>>  Hi,
>>   I am getting active after a long pause. Trying to figure out the
>> details.
>>   I posted earlier on the SIP Implementors regarding the
>>   1)  security for other URI such as IM, PRES, TEL
>>   2)  feature control such as presence information sent over the secure
>> channel is distributed over the unsecure channel.
>>   3)  Alongwith other issues, which I was pointing earlier on the list.
>>   Does anybody has answer to 1) and 2) or not or what is the plan?
>>   Paul, Dale other folks active here and active there too. I was
>> expecting it might have resolved either way to know the result.
>> Thx
>> Samir Srivastava
>> _______________________________________________
>> sipcore mailing list
> _______________________________________________
> sipcore mailing list