Re: [Sipping] Exploders drafts
Cullen Jennings <fluffy@cisco.com> Tue, 18 May 2004 06:32 UTC
Received: from optimus.ietf.org (iesg.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA17778 for <sipping-archive@odin.ietf.org>; Tue, 18 May 2004 02:32:30 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BPy35-0006ga-Qc for sipping-archive@odin.ietf.org; Tue, 18 May 2004 02:26:00 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i4I6PxdK025701 for sipping-archive@odin.ietf.org; Tue, 18 May 2004 02:25:59 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BPy1C-0005YH-A1 for sipping-web-archive@optimus.ietf.org; Tue, 18 May 2004 02:24:02 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA17225 for <sipping-web-archive@ietf.org>; Tue, 18 May 2004 02:23:59 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BPy18-0002SK-Ip for sipping-web-archive@ietf.org; Tue, 18 May 2004 02:23:58 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BPy0E-000242-00 for sipping-web-archive@ietf.org; Tue, 18 May 2004 02:23:03 -0400
Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1BPxzb-0001fn-00 for sipping-web-archive@ietf.org; Tue, 18 May 2004 02:22:23 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BPxok-00078Q-4a; Tue, 18 May 2004 02:11:10 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BPxiY-0003Oz-5n for sipping@optimus.ietf.org; Tue, 18 May 2004 02:04:46 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id CAA07740 for <sipping@ietf.org>; Tue, 18 May 2004 02:04:43 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BPxiU-0002qb-Au for sipping@ietf.org; Tue, 18 May 2004 02:04:42 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BPxhX-0002TY-00 for sipping@ietf.org; Tue, 18 May 2004 02:03:44 -0400
Received: from sj-iport-1-in.cisco.com ([171.71.176.70] helo=sj-iport-1.cisco.com) by ietf-mx with esmtp (Exim 4.12) id 1BPxgd-0001kC-00 for sipping@ietf.org; Tue, 18 May 2004 02:02:47 -0400
Received: from mira-sjc5-e.cisco.com (IDENT:mirapoint@mira-sjc5-e.cisco.com [171.71.163.15]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id i4I62GSu025104; Mon, 17 May 2004 23:02:16 -0700 (PDT)
Received: from [10.0.1.3] (sjc-vpn3-479.cisco.com [10.21.65.223]) by mira-sjc5-e.cisco.com (MOS 3.4.5-GR) with ESMTP id APA55092; Mon, 17 May 2004 23:02:15 -0700 (PDT)
User-Agent: Microsoft-Entourage/10.1.4.030702.0
Date: Mon, 17 May 2004 23:00:25 -0700
Subject: Re: [Sipping] Exploders drafts
From: Cullen Jennings <fluffy@cisco.com>
To: Gonzalo.Camarillo@ericsson.com, sipping <sipping@ietf.org>
Message-ID: <BCCEF489.3EFA7%fluffy@cisco.com>
In-Reply-To: <40A4BFB1.6060001@ericsson.com>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Content-Transfer-Encoding: 7bit
Sender: sipping-admin@ietf.org
Errors-To: sipping-admin@ietf.org
X-BeenThere: sipping@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=unsubscribe>
List-Id: SIPPING Working Group (applications of SIP) <sipping.ietf.org>
List-Post: <mailto:sipping@ietf.org>
List-Help: <mailto:sipping-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=subscribe>
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.1 required=5.0 tests=AWL autolearn=no version=2.60
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Few comments on these.
On draft-camarillo-sipping-exploders-03.txt section 1 - para 2.
This nicely points out the requirements for exploders - I like it. It does
seem like a reasonable compression scheme would solve this requirement
equally well. Other explained to me this does not work due to inadequacies
in sigcomp but might be worth pointing this out.
You might make an argument that a solution that took all the final exploded
messages and sent them over an appropriately compressed link uses no more
bandwidth on behalf of the sender than this and resulted in the same
bandwidth usage on the receivers part and therefore the scheme proposed here
was no worse a DOS attack problem than say compressed access links are.
I imagine recommending logging as a solution for SPAM with exploders is
going to, ah, raise some concerns about the desirability of this scheme.
In the section on saying users must agree to receive stuff from an exploder,
it would be nice to say that users must be able to easy revoke this. Having
an explicit SIP mechanism for a user to grant permission to receive
explosions, and more importantly, remove that permission grant, would make
this better. It's interesting, in many ways the exploders is similar to
publish but publish did not seem to have the same range of concerns about
amplification, DOS, and message relay. Might want to figure out how to make
it have the security properties more like publish.
On draft-garcia-sipping-message-exploder-00.txt
The embedded headers in the URI are nice but raise lots of issues. For
example, if I insert a P-Asserted-Identity header with a fake name, will it
be used? Or perhaps a Route header that caused the message to go to someone
that had not agreed to receive exploded messages.
The " The MESSAGE exploder MUST NOT copy any security body (such as an
S/MIME signed body) addressed to the MESSAGE exploder to the
outgoing MESSAGE request. This includes, e.g., security bodies
signed with the public key of the exploder."
This confuses me. If it was signed, it would be signed with the public key
of the UA sending the request to the exploder? I'm just not sure what you
are getting at with this. Is this the exploder must not relay any S/MIME
body?
In the security section - last paragraph. Not sure what you are proposing
here. If I wanted to send an encrypted message to A and B, what would I do.
I assume encrypt the List A,B with the public key of the exploder then
provide a copy of the message that was encrypted with a content encryption
key (call it the CEK) then encrypt the CEK with the public key of A and
separately with B then bundle this all up somehow and send it. You mention
integrity protection with S/MIME too - are you assuming that the exploder
knows the public key of the UA sending the request?
If the exploder has authenticated the sender, perhaps it should put the
identity of the sender in the From of the messages it sends. This raises
issues with trying to be Anonymous and user an exploder but perhaps this is
a feature not a bug.
I don't feel strongly about these drafts one way or another so I hope these
comments get somewhat discounted as casual passer by - I know others have
thought about it much more. Perhaps the amplification issue in this B2BUA
based solution can be justified as no worse than the alternative solution to
the problem using compression with a proxy.
Cullen
On 5/14/04 5:46 AM, "Gonzalo Camarillo" <Gonzalo.Camarillo@ericsson.com>
wrote:
> Folks,
>
> I have just submitted the following draft. Until it appears in the
> archives, you can fetch it from:
>
> http://standards.ericsson.net/gonzalo/papers/draft-camarillo-sipping-exploders
> -03.txt
>
> It describes the exploders' requirements and a framework to meet them.
> The framework includes references to the following documents, which will
> be discussed in the interim as well:
>
> http://www.ietf.org/internet-drafts/draft-camarillo-sipping-uri-list-02.txt
> http://www.ietf.org/internet-drafts/draft-camarillo-sipping-adhoc-conferencing
> -00.txt
>
http://www.ietf.org/internet-drafts/draft-camarillo-sipping-adhoc-simple-00.tx>
t
> http://www.ietf.org/internet-drafts/draft-garcia-sipping-message-exploder-00.t
> xt
>
> Best regards,
>
> Gonzalo
>
>
> _______________________________________________
> Sipping mailing list https://www1.ietf.org/mailman/listinfo/sipping
> This list is for NEW development of the application of SIP
> Use sip-implementors@cs.columbia.edu for questions on current sip
> Use sip@ietf.org for new developments of core SIP
>
_______________________________________________
Sipping mailing list https://www1.ietf.org/mailman/listinfo/sipping
This list is for NEW development of the application of SIP
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sip@ietf.org for new developments of core SIP
- [Sipping] Exploders drafts Gonzalo Camarillo
- Re: [Sipping] Exploders drafts Cullen Jennings
- Re: [Sipping] Exploders drafts Gonzalo Camarillo
- Re: [Sipping] Exploders drafts Miguel Garcia
- Re: [Sipping] Exploders drafts Cullen Jennings
- Re: [Sipping] Exploders drafts Cullen Jennings