Re: [Sipping] Exploders drafts
Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com> Tue, 18 May 2004 16:35 UTC
Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA26059 for <sipping-archive@odin.ietf.org>; Tue, 18 May 2004 12:35:59 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQ7Rz-0003zY-Hl for sipping-archive@odin.ietf.org; Tue, 18 May 2004 12:28:19 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i4IGSJAY015345 for sipping-archive@odin.ietf.org; Tue, 18 May 2004 12:28:19 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQ79J-0006jp-T0 for sipping-web-archive@optimus.ietf.org; Tue, 18 May 2004 12:09:01 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA24861 for <sipping-web-archive@ietf.org>; Tue, 18 May 2004 12:08:59 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BQ79I-0004AN-Gj for sipping-web-archive@ietf.org; Tue, 18 May 2004 12:09:00 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BQ78N-00048I-00 for sipping-web-archive@ietf.org; Tue, 18 May 2004 12:08:04 -0400
Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1BQ77V-00046G-00 for sipping-web-archive@ietf.org; Tue, 18 May 2004 12:07:09 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQ6zf-0003i9-BP; Tue, 18 May 2004 11:59:03 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BQ6o6-0000VO-04 for sipping@optimus.ietf.org; Tue, 18 May 2004 11:47:06 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA23842 for <sipping@ietf.org>; Tue, 18 May 2004 11:47:03 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BQ6o4-00030Z-TD for sipping@ietf.org; Tue, 18 May 2004 11:47:05 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BQ6n5-0002wj-00 for sipping@ietf.org; Tue, 18 May 2004 11:46:04 -0400
Received: from imr1.ericy.com ([198.24.6.9]) by ietf-mx with esmtp (Exim 4.12) id 1BQ6m3-0002rV-00 for sipping@ietf.org; Tue, 18 May 2004 11:44:59 -0400
Received: from eamrcnt750.exu.ericsson.se (eamrcnt750.exu.ericsson.se [138.85.133.51]) by imr1.ericy.com (8.12.10/8.12.10) with ESMTP id i4IFhmLc012494; Tue, 18 May 2004 10:43:48 -0500 (CDT)
Received: from ericsson.com (rvi2-93-21.sw.ericsson.se [153.88.93.21]) by eamrcnt750.exu.ericsson.se with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2657.72) id JQWLXM6G; Tue, 18 May 2004 10:43:16 -0500
Message-ID: <40AA2F33.2060305@ericsson.com>
Date: Tue, 18 May 2004 18:43:47 +0300
X-Sybari-Trust: abf90250 08d63d2e 09a997dd 00000138
From: Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Cullen Jennings <fluffy@cisco.com>
CC: sipping <sipping@ietf.org>, Miguel Garcia <Miguel.An.Garcia@nokia.com>
Subject: Re: [Sipping] Exploders drafts
References: <BCCEF489.3EFA7%fluffy@cisco.com>
In-Reply-To: <BCCEF489.3EFA7%fluffy@cisco.com>
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Sender: sipping-admin@ietf.org
Errors-To: sipping-admin@ietf.org
X-BeenThere: sipping@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=unsubscribe>
List-Id: SIPPING Working Group (applications of SIP) <sipping.ietf.org>
List-Post: <mailto:sipping@ietf.org>
List-Help: <mailto:sipping-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=subscribe>
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.0 required=5.0 tests=AWL autolearn=no version=2.60
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Cullen, Thanks for the comments. Inline: Cullen Jennings wrote: > Few comments on these. > > On draft-camarillo-sipping-exploders-03.txt section 1 - para 2. > > This nicely points out the requirements for exploders - I like it. It does > seem like a reasonable compression scheme would solve this requirement > equally well. Other explained to me this does not work due to inadequacies > in sigcomp but might be worth pointing this out. > > You might make an argument that a solution that took all the final exploded > messages and sent them over an appropriately compressed link uses no more > bandwidth on behalf of the sender than this and resulted in the same > bandwidth usage on the receivers part and therefore the scheme proposed here > was no worse a DOS attack problem than say compressed access links are. Good point. > I imagine recommending logging as a solution for SPAM with exploders is > going to, ah, raise some concerns about the desirability of this scheme. In my opinion, having the exploder assert the identity of the sender would be enough, but some folks had some concerns regarding privacy. That is, the sender does not want the exploder to disclose his identity... we may mention that logging should be used in this case to avoid anonymous spammers, but that in other cases is not needed... > In the section on saying users must agree to receive stuff from an exploder, > it would be nice to say that users must be able to easy revoke this. Having > an explicit SIP mechanism for a user to grant permission to receive > explosions, and more importantly, remove that permission grant, would make > this better. It's interesting, in many ways the exploders is similar to > publish but publish did not seem to have the same range of concerns about > amplification, DOS, and message relay. Might want to figure out how to make > it have the security properties more like publish. I am not sure if we need a *SIP* mechanism for this. Using an out-of-band mechanism such as a web page would work fine. > > On draft-garcia-sipping-message-exploder-00.txt > > The embedded headers in the URI are nice but raise lots of issues. For > example, if I insert a P-Asserted-Identity header with a fake name, will it > be used? Or perhaps a Route header that caused the message to go to someone > that had not agreed to receive exploded messages. > These issues are already described in RFC 3261 talking about clients finding a SIP URI somewhere (e.g., in a web page) and using it. RFC 3261 advices not to populate potentially dangerous headers... the same should apply here. > The " The MESSAGE exploder MUST NOT copy any security body (such as an > S/MIME signed body) addressed to the MESSAGE exploder to the > outgoing MESSAGE request. This includes, e.g., security bodies > signed with the public key of the exploder." > This confuses me. If it was signed, it would be signed with the public key > of the UA sending the request to the exploder? I'm just not sure what you > are getting at with this. Is this the exploder must not relay any S/MIME > body? Yes, it is confusing. The intention of that paragraph was to point out that the exploder should not populate information intended for it (the exploder). We'll rephrase it. > In the security section - last paragraph. Not sure what you are proposing > here. If I wanted to send an encrypted message to A and B, what would I do. > I assume encrypt the List A,B with the public key of the exploder then > provide a copy of the message that was encrypted with a content encryption > key (call it the CEK) then encrypt the CEK with the public key of A and > separately with B then bundle this all up somehow and send it. Yes, that would be the idea. I agree that we need to clarify that. In any case, I have not added mot text to the security considerations sections of all these drafts because I want to have face-to-face discussions before I document the details of the solutions. Once we agree on the way we want to go, I will take care of documenting these types of details. You mention > integrity protection with S/MIME too - are you assuming that the exploder > knows the public key of the UA sending the request? When it comes to integrity protect the contents of the list between the client and the exploder, yes, the exploder would need to know it. > > If the exploder has authenticated the sender, perhaps it should put the > identity of the sender in the From of the messages it sends. This raises > issues with trying to be Anonymous and user an exploder but perhaps this is > a feature not a bug. I agree that privacy should be mentioned in the draft. Thanks for your comments, Gonzalo _______________________________________________ Sipping mailing list https://www1.ietf.org/mailman/listinfo/sipping This list is for NEW development of the application of SIP Use sip-implementors@cs.columbia.edu for questions on current sip Use sip@ietf.org for new developments of core SIP
- [Sipping] Exploders drafts Gonzalo Camarillo
- Re: [Sipping] Exploders drafts Cullen Jennings
- Re: [Sipping] Exploders drafts Gonzalo Camarillo
- Re: [Sipping] Exploders drafts Miguel Garcia
- Re: [Sipping] Exploders drafts Cullen Jennings
- Re: [Sipping] Exploders drafts Cullen Jennings