Re: [Sipping] Exploders drafts
Miguel Garcia <Miguel.An.Garcia@nokia.com> Wed, 19 May 2004 11:01 UTC
Received: from optimus.ietf.org (www.iesg.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id HAA00950 for <sipping-archive@odin.ietf.org>; Wed, 19 May 2004 07:01:20 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQObo-0002OM-Mv for sipping-archive@odin.ietf.org; Wed, 19 May 2004 06:47:36 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i4JAlaeM009195 for sipping-archive@odin.ietf.org; Wed, 19 May 2004 06:47:36 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQOXP-0001wh-MP for sipping-web-archive@optimus.ietf.org; Wed, 19 May 2004 06:43:03 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA29622 for <sipping-web-archive@ietf.org>; Wed, 19 May 2004 06:42:59 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BQOXL-00001d-LC for sipping-web-archive@ietf.org; Wed, 19 May 2004 06:42:59 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BQOWU-0007dH-00 for sipping-web-archive@ietf.org; Wed, 19 May 2004 06:42:07 -0400
Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1BQOVN-0007S1-00 for sipping-web-archive@ietf.org; Wed, 19 May 2004 06:40:57 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQOMk-0000Dr-38; Wed, 19 May 2004 06:32:02 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQOJX-0008B0-Ez for sipping@optimus.ietf.org; Wed, 19 May 2004 06:28:43 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA28557 for <sipping@ietf.org>; Wed, 19 May 2004 06:28:39 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BQOJT-0005Qc-IU for sipping@ietf.org; Wed, 19 May 2004 06:28:39 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BQOIX-0005GT-00 for sipping@ietf.org; Wed, 19 May 2004 06:27:42 -0400
Received: from mgw-x3.nokia.com ([131.228.20.26]) by ietf-mx with esmtp (Exim 4.12) id 1BQOHY-00056e-00 for sipping@ietf.org; Wed, 19 May 2004 06:26:40 -0400
Received: from esdks003.ntc.nokia.com (esdks003.ntc.nokia.com [172.21.138.158]) by mgw-x3.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id i4JAQUL27009; Wed, 19 May 2004 13:26:30 +0300 (EET DST)
X-Scanned: Wed, 19 May 2004 13:26:29 +0300 Nokia Message Protector V1.3.30 2004040916 - RELEASE
Received: (from root@localhost) by esdks003.ntc.nokia.com (8.12.9/8.12.9) id i4JAQT1Q019970; Wed, 19 May 2004 13:26:29 +0300
Received: from mgw-int1.ntc.nokia.com (172.21.143.96) by esdks003.ntc.nokia.com 00acn8Ni; Wed, 19 May 2004 13:26:27 EEST
Received: from esebh002.NOE.Nokia.com (esebh002.ntc.nokia.com [172.21.138.77]) by mgw-int1.ntc.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id i4JA7VH01175; Wed, 19 May 2004 13:07:31 +0300 (EET DST)
Received: from nokia.com ([172.21.40.187]) by esebh002.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881); Wed, 19 May 2004 13:07:26 +0300
Message-ID: <40AB31DE.1010903@nokia.com>
Date: Wed, 19 May 2004 13:07:26 +0300
From: Miguel Garcia <Miguel.An.Garcia@nokia.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: en-us, en, es-es
MIME-Version: 1.0
To: Cullen Jennings <fluffy@cisco.com>
CC: Gonzalo.Camarillo@ericsson.com, sipping <sipping@ietf.org>
Subject: Re: [Sipping] Exploders drafts
References: <BCCEF489.3EFA7%fluffy@cisco.com>
In-Reply-To: <BCCEF489.3EFA7%fluffy@cisco.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 19 May 2004 10:07:26.0245 (UTC) FILETIME=[1604E550:01C43D89]
Content-Transfer-Encoding: 7bit
Sender: sipping-admin@ietf.org
Errors-To: sipping-admin@ietf.org
X-BeenThere: sipping@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=unsubscribe>
List-Id: SIPPING Working Group (applications of SIP) <sipping.ietf.org>
List-Post: <mailto:sipping@ietf.org>
List-Help: <mailto:sipping-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=subscribe>
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.1 required=5.0 tests=AWL autolearn=no version=2.60
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Cullen Jennings wrote: > On draft-garcia-sipping-message-exploder-00.txt > > The embedded headers in the URI are nice but raise lots of issues. For > example, if I insert a P-Asserted-Identity header with a fake name, will it > be used? Or perhaps a Route header that caused the message to go to someone > that had not agreed to receive exploded messages. First, this issue is applicable not only to the MESSAGE exploder draft, but to any other exploder document. It can happen with INVITE, SUBSCRIBE or REFER as well. Second, the exploder implements a SIP UA functionality, meaning that if implements RFC 3325, it is able to distinguish when the P-Asserted-Identity is trusted or not, as required by the RFC. Based on this trustness of the asserted identity, the exploder may implement local policy to pass the header to the other side or not. > > The " The MESSAGE exploder MUST NOT copy any security body (such as an > S/MIME signed body) addressed to the MESSAGE exploder to the > outgoing MESSAGE request. This includes, e.g., security bodies > signed with the public key of the exploder." > This confuses me. If it was signed, it would be signed with the public key > of the UA sending the request to the exploder? I'm just not sure what you > are getting at with this. Is this the exploder must not relay any S/MIME > body? This is obviously wrong. The text shold speak about an "encrypted body" and "bodies encrypted with the public key of the explodr". The idea is very simple: if the exploder is able to decrypt an encrypted body, it should not copy that encrypted body to the outgoing request, since the receiver will not be able to decrypted. > > In the security section - last paragraph. Not sure what you are proposing > here. If I wanted to send an encrypted message to A and B, what would I do. > I assume encrypt the List A,B with the public key of the exploder then > provide a copy of the message that was encrypted with a content encryption > key (call it the CEK) then encrypt the CEK with the public key of A and > separately with B then bundle this all up somehow and send it. Yes, that is how it should be done. I conquer that the text is not clear enough, we will clarify it. > You mention > integrity protection with S/MIME too - are you assuming that the exploder > knows the public key of the UA sending the request? That is the assumption. > > If the exploder has authenticated the sender, perhaps it should put the > identity of the sender in the From of the messages it sends. This raises > issues with trying to be Anonymous and user an exploder but perhaps this is > a feature not a bug. I don't think that the decision point is whether the user is authenticated or not. I belive the decision point is the user requirements expressed in the Privacy header. That will determine whether to populate the From header with the user ID or something else > I don't feel strongly about these drafts one way or another so I hope these > comments get somewhat discounted as casual passer by - I know others have > thought about it much more. Perhaps the amplification issue in this B2BUA > based solution can be justified as no worse than the alternative solution to > the problem using compression with a proxy. > > Cullen > > > -- Miguel A. Garcia tel:+358-50-4804586 Nokia Research Center Helsinki, Finland _______________________________________________ Sipping mailing list https://www1.ietf.org/mailman/listinfo/sipping This list is for NEW development of the application of SIP Use sip-implementors@cs.columbia.edu for questions on current sip Use sip@ietf.org for new developments of core SIP
- [Sipping] Exploders drafts Gonzalo Camarillo
- Re: [Sipping] Exploders drafts Cullen Jennings
- Re: [Sipping] Exploders drafts Gonzalo Camarillo
- Re: [Sipping] Exploders drafts Miguel Garcia
- Re: [Sipping] Exploders drafts Cullen Jennings
- Re: [Sipping] Exploders drafts Cullen Jennings