Re: [Stox] SIPS URIs and SIP/XMPP gateways - WAS: review: stox-core-04
Robert Sparks <rjsparks@nostrum.com> Fri, 27 September 2013 13:46 UTC
To: Markus.Isomaki@nokia.com
Cc: salvatore.loreto@ericsson.com, fluffy@cisco.com, Jon Peterson <jon.peterson@neustar.biz>, stpeter@stpeter.im, stox@ietf.org
(Adding Jon)

Peter - is there nothing in XMPP that lets a client say "I want this to use secure transports only - have it fail rather than use an insecure transport anywhere along its delivery path?"

That's the primary property you should discuss. Without putting a lot of thinking into it, I suspect that if you _don't_ have a way to express that available (which is what I'm taking away from your last sentence), the right guidance in the document is to refuse to gateway a SIP request that expresses that requirement.

Maybe Jon has a different opinion?

We can dive into the details of where to look for a sips: URI once we think we're on the same page on that high-level principle.

RjS

On 9/27/13 6:43 AM, Markus.Isomaki@nokia.com wrote:
> Hi,
>
> There was many years ago a lot of confusion and discussion about the semantics of the SIPS URIs.
>
> Robert, Cullen: I recall you were there :-) Would you have guidance to the STOX WG how SIPS URIs should be dealt with when SIP/XMPP gateways are involved? Please check Peter's exact question from below.
>
> Regards,
> Markus
>
>> -----Original Message-----
>> From: stox-bounces@ietf.org [mailto:stox-bounces@ietf.org] On Behalf Of ext Peter Saint-Andre
>> Sent: 24 September, 2013 02:55
>> To: Salvatore Loreto
>> Cc: stox@ietf.org
>> Subject: Re: [Stox] review: stox-core-04
>>
>> On 9/20/13 3:39 AM, Salvatore Loreto wrote:
>>> I have reviewed the core-04 draft, and I think that is almost ready for the WGLC
>>>
>>> I have one general comment (btw I apologize in advance if this has already been discussed and I have overlooked or forgot it) and it is about the fact that the draft does not talk at all about the interworking when secure URIs are involved. I think that at least we should say something about it in the Security consideration.
>>
>> Good catch. After reading and re-reading Section 26.4.4 of RFC 3261, I have to admit that I'm not sure exactly how SIP entities are supposed to handle SIPS URIs. Even if we understand those requirements, I'm also not sure how they would apply to the XMPP side of the communications path. At the least, it seems we'd want to specify that if the To header or Request-URI is a SIPS URI, then the SIP-to-XMPP gateway needs to connect to the XMPP server over a TLS-protected stream. However, do we also need to stipulate that the XMPP server-to-client connection is TLS-protected? If so, how would the gateway associated with the XMPP server ensure that? (The gateway might be an external component of the XMPP server, without control over how the XMPP server communicates with XMPP clients.)
>>
>> Peter
>>
>> --
>> Peter Saint-Andre
>> https://stpeter.im/
>>
>> _______________________________________________
>> stox mailing list
>> stox@ietf.org
>> https://www.ietf.org/mailman/listinfo/stox
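
The fail-closed rule suggested in this message, combined with the TLS-stream minimum from the quoted stox-core review reply, sketched as an added example (not part of the thread or of any stox draft). Looking only at the Request-URI and To header follows the quoted reply; the function names, decision strings and the `xmpp_can_require_secure_delivery` flag are hypothetical, header folding is not handled, and the sample requests are constructed.

```python
import re

# Constructed sample requests (illustrative, not captured traffic).
SIPS_REQUEST = (
    "MESSAGE sip:juliet@example.com SIP/2.0\r\n"
    "t: Juliet <SIPS:juliet@example.com>\r\n"       # compact To, mixed-case scheme
    "From: <sip:romeo@example.net>;tag=1\r\n\r\n"
    "hello"
)
SIP_REQUEST = (
    "MESSAGE sip:juliet@example.com SIP/2.0\r\n"
    "To: <sip:juliet@example.com>\r\n"
    "From: <sips:romeo@example.net>;tag=2\r\n\r\n"  # From is deliberately not checked
    "hello"
)

def uri_scheme(value):
    """Lowercased scheme of a Request-URI or of a name-addr/addr-spec header value."""
    m = re.search(r"<([^>]*)>", value)              # name-addr: Display <uri>;params
    uri = m.group(1) if m else value.strip().split(";")[0]
    return uri.split(":", 1)[0].strip().lower()

def requires_secure_path(request):
    """True if the Request-URI or the To header carries a sips: URI."""
    head = request.split("\r\n\r\n", 1)[0].split("\r\n")
    _method, request_uri, _version = head[0].split(" ", 2)
    schemes = [uri_scheme(request_uri)]
    for line in head[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() in ("to", "t"):     # "t" is the compact form of To
            schemes.append(uri_scheme(value))
    return "sips" in schemes

def gateway_decision(request, xmpp_can_require_secure_delivery, stream_is_tls):
    """Fail closed: refuse rather than downgrade a request that asked for sips."""
    if not requires_secure_path(request):
        return "forward"
    if not xmpp_can_require_secure_delivery:
        return "refuse"   # XMPP side cannot express "secure transports only"
    if not stream_is_tls:
        return "refuse"   # gateway-to-server stream is not TLS-protected
    return "forward-over-tls"
```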