RE: [Sipping] WGLC Review: draft-ietf-sipping-capacity-attribute-01.txt

"Samir Srivastava" <samirsr@nortel.com> Thu, 21 September 2006 19:58 UTC

Subject: RE: [Sipping] WGLC Review: draft-ietf-sipping-capacity-attribute-01.txt
Date: Thu, 21 Sep 2006 14:57:48 -0500
Message-ID: <62B9B0847CC47543B6B3B5E26BD268E60E92541D@zrc2hxm2.corp.nortel.com>
In-Reply-To: <451269AC.6040006@nokia.com>
From: Samir Srivastava <samirsr@nortel.com>
To: Miguel Garcia <Miguel.An.Garcia@nokia.com>
Cc: sipping@ietf.org, Mary Barnes <mary.barnes@nortel.com>, Gonzalo.Camarillo@ericsson.com

Hi Miguel,

My concerns were driven by the dynamic nature of cipher technologies.
And we have problems coming from others, as SIPS is mentioned
*statically* for security in numerous places.

IMHO, we should have boilerplate kind of stuff in the security section
which takes into account the security provided by underlying secure
protocol layers generically.

And then each specification addresses other security aspects
particular to that specification in a separate paragraph in the
Security Considerations.

Hopefully, it addresses the concerns of SIPS proponents in the future.

Thx
Samir

> -----Original Message-----
> From: Miguel Garcia [mailto:Miguel.An.Garcia@nokia.com]
> Sent: Thursday, September 21, 2006 3:30 AM
> To: Srivastava, Samir (SC100:8826)
> Cc: Barnes, Mary (RICH2:B601); Gonzalo.Camarillo@ericsson.com;
> sipping@ietf.org
> Subject: Re: [Sipping] WGLC Review: draft-ietf-sipping-capacity-attribute-01.txt
> 
> I think the spirit of the text is not to exclude any technology. In
> essence, any technology that is able to cypher SIP messages is suitable
> to protect privacy. We should probably mention TLS as an example of one
> of such technologies.
> 
> /Miguel
> 
> Samir Srivastava wrote:
> > Hi,
> >
> > What is the reason for not considering IPSEC tunnels in the text? DTLS
> > is still an open issue. So better open-ended text can be phrased like
> >
> > "... was sent over a secured channel provided by the underlying layers
> > e.g.
> > TLS, IPSEC ...."
> >
> > How long do we want to carry S/MIME with its deployability issues? If
> > we still want to use S/MIME, at least the known issues with it should be
> > listed similar to 3261. Or a reference to the section of 3261 should be
> > given.
> >
> >
> > IMHO, SIP message means REQUEST and RESPONSE both. So the text should be
> > well aligned like ".... SIP request unless the SIP request ..." or with
> > the "message" word.
> >
> > Thx
> > Samir
> >
> >> - Section 8, 3rd paragraph, 3rd sentence. "was" -> "is"
> >> OLD:
> >>    Eavesdroppers are able to watch URI-lists contained in SIP
> >>    requests unless the SIP message was sent over a secured channel with
> >>    Transport Layer Security (TLS) [3] or unless the URI-list body itself
> >>    is encrypted with S/MIME [8].
> >> NEW:
> >>    Eavesdroppers are able to watch URI-lists contained in SIP
> >>    requests unless the SIP message is sent over a secured channel with
> >>    Transport Layer Security (TLS) [3] or unless the URI-list body itself
> >>    is encrypted with S/MIME [8].
> >>
> >
> 
> --
> Miguel A. Garcia           tel:+358-50-4804586
> sip:miguel.garcia@neonsite.net
> Nokia Research Center      Helsinki, Finland
