Re: [Sipping] Exploders drafts
Cullen Jennings <fluffy@cisco.com> Tue, 18 May 2004 06:32 UTC
Date: Mon, 17 May 2004 23:00:25 -0700
Subject: Re: [Sipping] Exploders drafts
From: Cullen Jennings <fluffy@cisco.com>
To: Gonzalo.Camarillo@ericsson.com, sipping <sipping@ietf.org>
Message-ID: <BCCEF489.3EFA7%fluffy@cisco.com>
In-Reply-To: <40A4BFB1.6060001@ericsson.com>

Few comments on these.

On draft-camarillo-sipping-exploders-03.txt

section 1 - para 2. This nicely points out the requirements for exploders - I like it. It does seem like a reasonable compression scheme would solve this requirement equally well. Others explained to me this does not work due to inadequacies in sigcomp but might be worth pointing this out.

You might make an argument that a solution that took all the final exploded messages and sent them over an appropriately compressed link uses no more bandwidth on behalf of the sender than this and resulted in the same bandwidth usage on the receivers' part and therefore the scheme proposed here was no worse a DOS attack problem than say compressed access links are.

I imagine recommending logging as a solution for SPAM with exploders is going to, ah, raise some concerns about the desirability of this scheme.

In the section on saying users must agree to receive stuff from an exploder, it would be nice to say that users must be able to easily revoke this. Having an explicit SIP mechanism for a user to grant permission to receive explosions, and more importantly, remove that permission grant, would make this better.

It's interesting, in many ways the exploders are similar to publish but publish did not seem to have the same range of concerns about amplification, DOS, and message relay. Might want to figure out how to make it have the security properties more like publish.

On draft-garcia-sipping-message-exploder-00.txt

The embedded headers in the URI are nice but raise lots of issues. For example, if I insert a P-Asserted-Identity header with a fake name, will it be used? Or perhaps a Route header that caused the message to go to someone that had not agreed to receive exploded messages.

The

   "The MESSAGE exploder MUST NOT copy any security body (such as an S/MIME signed body) addressed to the MESSAGE exploder to the outgoing MESSAGE request. This includes, e.g., security bodies signed with the public key of the exploder."

This confuses me. If it was signed, it would be signed with the public key of the UA sending the request to the exploder? I'm just not sure what you are getting at with this. Is this the exploder must not relay any S/MIME body?

In the security section - last paragraph. Not sure what you are proposing here. If I wanted to send an encrypted message to A and B, what would I do? I assume encrypt the List A,B with the public key of the exploder then provide a copy of the message that was encrypted with a content encryption key (call it the CEK) then encrypt the CEK with the public key of A and separately with B then bundle this all up somehow and send it. You mention integrity protection with S/MIME too - are you assuming that the exploder knows the public key of the UA sending the request?

If the exploder has authenticated the sender, perhaps it should put the identity of the sender in the From of the messages it sends. This raises issues with trying to be Anonymous and use an exploder but perhaps this is a feature not a bug.

I don't feel strongly about these drafts one way or another so I hope these comments get somewhat discounted as casual passer by - I know others have thought about it much more. Perhaps the amplification issue in this B2BUA based solution can be justified as no worse than the alternative solution to the problem using compression with a proxy.

Cullen

On 5/14/04 5:46 AM, "Gonzalo Camarillo" <Gonzalo.Camarillo@ericsson.com> wrote:

> Folks,
>
> I have just submitted the following draft. Until it appears in the
> archives, you can fetch it from:
>
> http://standards.ericsson.net/gonzalo/papers/draft-camarillo-sipping-exploders-03.txt
>
> It describes the exploders' requirements and a framework to meet them.
> The framework includes references to the following documents, which will
> be discussed in the interim as well:
>
> http://www.ietf.org/internet-drafts/draft-camarillo-sipping-uri-list-02.txt
> http://www.ietf.org/internet-drafts/draft-camarillo-sipping-adhoc-conferencing-00.txt
> http://www.ietf.org/internet-drafts/draft-camarillo-sipping-adhoc-simple-00.txt
> http://www.ietf.org/internet-drafts/draft-garcia-sipping-message-exploder-00.txt
>
> Best regards,
>
> Gonzalo
>
>
> _______________________________________________
> Sipping mailing list  https://www1.ietf.org/mailman/listinfo/sipping
> This list is for NEW development of the application of SIP
> Use sip-implementors@cs.columbia.edu for questions on current sip
> Use sip@ietf.org for new developments of core SIP
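
An added illustration of the embedded-header concern raised in the message above (not part of the original mail or of either draft): one way an exploder could treat headers embedded in URI-list entries, copying only an allowlist so that identity and routing fields such as P-Asserted-Identity and Route never reach the outgoing request. The allowlist contents, function names and sample URIs are assumptions of this sketch.

```python
from urllib.parse import unquote

# Assumption of this sketch: only these URI-embedded headers may be copied
# into an outgoing request; every other embedded header is dropped.
ALLOWED_EMBEDDED = {"subject", "priority"}


def split_uri_headers(sip_uri):
    """Split 'sip:user@host;params?h1=v1&h2=v2' into (base_uri, [(name, value)])."""
    base, _, query = sip_uri.partition("?")
    headers = []
    for part in filter(None, query.split("&")):
        name, _, value = part.partition("=")
        # hname and hvalue are percent-encoded inside a SIP URI.
        headers.append((unquote(name), unquote(value)))
    return base, headers


def sanitize_list_entry(sip_uri):
    """Return (base_uri, kept_headers, rejected_header_names) for one list entry."""
    base, headers = split_uri_headers(sip_uri)
    kept, rejected = [], []
    for name, value in headers:
        # SIP header names are case-insensitive, so compare in lower case.
        if name.lower() in ALLOWED_EMBEDDED:
            kept.append((name, value))
        else:
            # Identity, routing and dialog headers end up here; the caller
            # can log them or refuse the whole list.
            rejected.append(name)
    return base, kept, rejected


# Constructed sample list entries (not taken from the drafts).
SAMPLE_ENTRIES = [
    "sip:alice@example.com?Subject=lunch",
    "sip:bob@example.com?P-Asserted-Identity=%22Boss%22%20%3Csip%3Aboss%40example.com%3E",
    "sip:carol@example.com?Route=%3Csip%3Aother.example.net%3Blr%3E&Priority=urgent",
    "sip:dave@example.com;transport=tcp?route=%3Csip%3Aother.example.net%3E",
]

if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        base, kept, rejected = sanitize_list_entry(entry)
        print(f"{base}: kept={kept} rejected={rejected}")
```
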