IETF Logo Mail Archive

Re: [sipcore] New Version Notification for draft-ibc-sipcore-sip-websocket-00 (previously draft-ibc-rtcweb-sip-websocket-00)

Gilad Shaham <gilad@voxisoft.com> Mon, 05 December 2011 09:36 UTC

Return-Path: <gilad@voxisoft.com>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41A8321F8AE9 for <sipcore@ietfa.amsl.com>; Mon, 5 Dec 2011 01:36:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.48
X-Spam-Level:
X-Spam-Status: No, score=-2.48 tagged_above=-999 required=5 tests=[AWL=-0.404, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_CHICKENPOX_24=0.6, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NTZ9XysoNKWE for <sipcore@ietfa.amsl.com>; Mon, 5 Dec 2011 01:36:17 -0800 (PST)
Received: from mail-qy0-f172.google.com (mail-qy0-f172.google.com [209.85.216.172]) by ietfa.amsl.com (Postfix) with ESMTP id 20F5421F8A67 for <sipcore@ietf.org>; Mon, 5 Dec 2011 01:36:16 -0800 (PST)
Received: by qcsf15 with SMTP id f15so1582908qcs.31 for <sipcore@ietf.org>; Mon, 05 Dec 2011 01:36:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=voxisoft.com; s=google; h=mime-version:x-originating-ip:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=6WzV60SD4eC3hGMuaeWm0Fy/kD6IYCAXaZv2hwzrAWM=; b=WbRH9m5nPDEQAgCXvWpeurbCWJmgloUr+qL7M6xWnpT13hvl8N5mUlYPR5qjFiy4Jf ocG0GQ/uFTAEpQLRaiB9RyK7lW89rJzeyRAvRy7hMQohC9C+kBCtS5RaRgg7xFgC3AWI Bsyr0YJWyfeU3nKSXHFJOF4dxmqoK+aFv0n5U=
Received: by 10.229.24.139 with SMTP id v11mr1773052qcb.175.1323077775215; Mon, 05 Dec 2011 01:36:15 -0800 (PST)
MIME-Version: 1.0
Received: by 10.229.159.198 with HTTP; Mon, 5 Dec 2011 01:35:54 -0800 (PST)
X-Originating-IP: [109.64.26.1]
In-Reply-To: <CALiegfnCym7NdEs=TH=UtYjsK6jgqkVfHaeyHo1VU1QMTb-VyA@mail.gmail.com>
References: <CALiegfm8Dv8kHE1xrt59vBzLzB29mOvjH6YR2m=vm=p_BtSBTw@mail.gmail.com> <CAGTXFp82jNsCUBM=j=Tq1Xc5cOr7P1Hbp9gv5MQyeVBoOS5=ng@mail.gmail.com> <5470070492D34F4EAC60E4ED91CB3841@gsmlaptop> <CALiegfmdxJQ+fAevUCfOaJjRkja-vW2Sqh-83-J=3_E5Ba1j6A@mail.gmail.com> <CA+cEqjc+2JR8S5i=kcpSz96KC_Mtd9OThafcGgeeAXaFEzZoWQ@mail.gmail.com> <CALiegfnCym7NdEs=TH=UtYjsK6jgqkVfHaeyHo1VU1QMTb-VyA@mail.gmail.com>
From: Gilad Shaham <gilad@voxisoft.com>
Date: Mon, 05 Dec 2011 11:35:54 +0200
Message-ID: <CA+cEqjctnA4_0Oef-juusN3=LUiao414DYUJhO6od+JYkutkJg@mail.gmail.com>
To: Iñaki Baz Castillo <ibc@aliax.net>
Content-Type: multipart/alternative; boundary="001636426537cd4e8004b3550cef"
Cc: José Luis Millán <jmillan@aliax.net>, "SIPCORE (Session Initiation Protocol Core) WG" <sipcore@ietf.org>
Subject: Re: [sipcore] New Version Notification for draft-ibc-sipcore-sip-websocket-00 (previously draft-ibc-rtcweb-sip-websocket-00)
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sipcore>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Dec 2011 09:36:18 -0000

On Mon, Dec 5, 2011 at 10:31 AM, Iñaki Baz Castillo <ibc@aliax.net> wrote:

> 2011/12/2 Gilad Shaham <gilad@voxisoft.com>:
> >> Said that, what do you exactly miss (related to sips) in the draft?
> >> maybe an example flow? or perhaps a consideration that "in presence of
> >> a sips URI the WebSocket transport must be secure which means "wss"
> >> URI in the WebSocket connection"?
> >>
> > If using sips in the examples has a negative effect on clarity I
> understand,
> > but it is a bcp and a recommendation, is it not? It should be clear that
> > implementors would not rely solely on 'wss' for end-to-end-encryption,
> but
> > rather use sips URI for that purpose, especially since the draft does
> > recommend securing the traffic. In other words, I believe there should
> be at
> > the very least text explaining that in the security considerations
> section.
>
> Ok, it makes sense. We will add a text under the Security section
> about the relationship between SIPS usage and WSS transport
> requirement.
>
> Great, then I'll look for it in the next draft.

>
>
>
> >> As explained in the draft, the JavaScript stack in WebSocket capable
> >> web browsers has no way to determine the source IP:port from which a
> >> WebSocket connection has been established, this is, the SIP UA running
> >> within a JavaScript application in a web does not know its local
> >> address. Therefore we've chosen 'anonymous.invalid' for Via
> >> sentby-host value and for Contact in the initial REGISTER (once the
> >> registration is done, the SIP UA would know its GRUU addresses).
> >> Regardless GRUU is implemented in the registrar, the usage of Outbound
> >> (RFC 5626) makes unnecessary for the SIP UA to know its local address.
> >>
> >> Of course, in case there is a hostname more appropriate than
> >> 'anonymous.invalid' then we could propose it. Is there?
> >
> > The string did reminded me of the privacy extensions, since it's used in
> the
> > From header, but I was more concerned there is something unspecified.
> > Outbound still mandates a URI since the authoritative proxy will store
> that
> > value to form the target set and therefore it seems as if the UA should
> be
> > prepared to receive anonymous.invalid as target URI. Should that be the
> case
> > or should the UA generate some kind of URI? It's just an example and it's
> > possible it's easy to explain how it works, but my point is that this
> seems
> > undefined.
> >
> > I agree that the URI should not be mandatory since it is due to
> javascript
> > security limitations and it's certainly possible this transport would be
> > used outside the browser. If you are looking for alternative hostnames,
> > 'localhost' comes to mind, but I didn't really consider whether it's
> better,
> > worse or equivalent.
>
> Yes, using localhost would be another option, but it has a drawback in
> case the WebSocket SIP UA does not use GRUU: in that case a remote
> peer would see "localhost" as the target of of WS UA. If it sends a
> REFER to a third participant containing "Refer-To:
> <sip:alice@localhost;transport=ws>" then the third participant would
> try to open a WS connection to itself. Well, as the draft states, GRUU
> is required for SIP UA's using WebSocket transport, at least in web
> browsers.
>
> So I'm not sure wheter using "localhost" is better than using
> "anonymous.invalid". Maybe it is better to use "invalid.domain"?
>
> So, if we were to have normative text that defines this, it would probably
explain why localhost or any routable domain name is a bad choice as
opposed to a non-routable domain. Should a UA be free to choose based on a
set of rules or are we defining one host part for all? Should it generate
parts or all of this domain dynamically to assist with matching incoming
requests? Is one free to use an invalid IP (such as the infamous 0.0.0.0)?

And most importantly, do others believe this requires normative text or not?

Thanks,
Gilad

v2.23.0 | Report a Bug | By Email