Re: [Stox] SIPS URIs and SIP/XMPP gateways - WAS: review: stox-core-04
Peter Saint-Andre <stpeter@stpeter.im> Mon, 30 September 2013 01:56 UTC
To: Robert Sparks <rjsparks@nostrum.com>
Cc: salvatore.loreto@ericsson.com, fluffy@cisco.com, Markus.Isomaki@nokia.com, Jon Peterson <jon.peterson@neustar.biz>, stox@ietf.org

On 9/27/13 10:14 AM, Peter Saint-Andre wrote:
> On 9/27/13 7:46 AM, Robert Sparks wrote:
>> (Adding Jon)
>
>> Peter - is there nothing in XMPP that lets a client say "I want
>> this to use secure transports only - have it fail rather than
>> use an insecure transport anywhere along its delivery path?"
>
> No. That doesn't mean we don't need it (although in general people
> have thought we *wouldn't* need it if we could just define an
> end-to-end encryption method that solves all the relevant use
> cases).
>
>> That's the primary property you should discuss. Without putting
>> a lot of thinking into it, I suspect that if you _don't_ have a
>> way to express that available (which is what I'm taking away from
>> your last sentence), the right guidance in the document is to
>> refuse to gateway a SIP request that expresses that requirement.
>
> Indeed, that seems correct.
>
> Thanks for the guidance.

Here is proposed text:

   As specified in Section 26.4.4 of [RFC3261], a To header or a
   Request-URI containing a SIPS URI is used to indicate that all hops
   in a communication path need to be protected using Transport Layer
   Security [RFC5246]. Because XMPP lacks a way to signal that all
   hops need to be encrypted, if the To header or Request-URI of a SIP
   message is a SIPS URI then the SIP-to-XMPP gateway MUST NOT
   translate the SIP message into an XMPP stanza and MUST NOT route it
   to the destination XMPP server.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/
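
The check that the proposed text asks of a SIP-to-XMPP gateway, as an added example that is not part of the message above or of the stox draft. All function names are hypothetical and the SIP requests in the test are constructed; the code only decides whether translation is allowed, since the proposed text does not say how the gateway answers a refused request.

```python
import re

# URI scheme at the start of a URI, e.g. "sips" in "sips:juliet@example.com".
_SCHEME = re.compile(r"^\s*([A-Za-z][A-Za-z0-9+.-]*):")
# A quoted display name, which may itself contain "<", ">" or "sips:".
_QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')

def uri_scheme(uri):
    """Return the lower-cased scheme (schemes are case-insensitive)."""
    m = _SCHEME.match(uri)
    return m.group(1).lower() if m else None

def to_header_uri(value):
    """Extract the URI from a To header value (name-addr or addr-spec)."""
    value = _QUOTED.sub("", value)          # ignore the display name
    m = re.search(r"<([^>]*)>", value)
    if m:
        return m.group(1)
    return value.split(";", 1)[0].strip()   # addr-spec; header params follow

def parse_request(raw):
    """Return (request_uri, to_value) from a raw SIP request."""
    head = raw.split("\r\n\r\n", 1)[0]
    head = re.sub(r"\r\n[ \t]+", " ", head)  # unfold continuation lines
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) != 3:
        raise ValueError("malformed request line")
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() in ("to", "t"):  # "t" is the compact form
            return parts[1], value.strip()
    raise ValueError("request has no To header")

def may_translate_to_xmpp(raw):
    """False when the Request-URI or the To header carries a SIPS URI,
    in which case the gateway must neither translate nor route it."""
    request_uri, to_value = parse_request(raw)
    uris = (request_uri, to_header_uri(to_value))
    return not any(uri_scheme(u) == "sips" for u in uris)
```

A request that cannot be parsed raises `ValueError`, so the caller has to treat it as not translatable rather than let it through.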