Re: [Stox] SIPS URIs and SIP/XMPP gateways - WAS: review: stox-core-04

Peter Saint-Andre <stpeter@stpeter.im> Mon, 30 September 2013 01:56 UTC

Message-ID: <5248DA2D.7080809@stpeter.im>
Date: Sun, 29 Sep 2013 19:55:57 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
To: Robert Sparks <rjsparks@nostrum.com>
References: <E44893DD4E290745BB608EB23FDDB7620A0CE34A@008-AM1MPN1-042.mgdnok.nokia.com> <52458C47.1010702@nostrum.com> <5245AEE7.4010000@stpeter.im>
In-Reply-To: <5245AEE7.4010000@stpeter.im>
Cc: salvatore.loreto@ericsson.com, fluffy@cisco.com, Markus.Isomaki@nokia.com, Jon Peterson <jon.peterson@neustar.biz>, stox@ietf.org

On 9/27/13 10:14 AM, Peter Saint-Andre wrote:
> On 9/27/13 7:46 AM, Robert Sparks wrote:
>> (Adding Jon)
> 
>> Peter - is there nothing in XMPP that lets a client say "I want 
>> this to use secure transports only - have it fail rather than
>> use an insecure transport anywhere along its delivery path?"
> 
> No. That doesn't mean we don't need it (although in general people 
> have thought we *wouldn't* need it if we could just define an 
> end-to-end encryption method that solves all the relevant use
> cases).
> 
>> That's the primary property you should discuss. Without putting
>> a lot of thinking into it, I suspect that if you _don't_ have a
>> way to express that available (which is what I'm taking away from
>> your last sentence), the right guidance in the document is to
>> refuse to gateway a SIP request that expresses that requirement.
> 
> Indeed, that seems correct.
> 
> Thanks for the guidance.

Here is proposed text:

   As specified in Section 26.4.4 of [RFC3261], a To header or a
   Request-URI containing a SIPS URI is used to indicate that all hops
   in a communication path need to be protected using Transport Layer
   Security [RFC5246].  Because XMPP lacks a way to signal that all hops
   need to be encrypted, if the To header or Request-URI of a SIP
   message is a SIPS URI then the SIP-to-XMPP gateway MUST NOT translate
   the SIP message into an XMPP stanza and MUST NOT route it to the
   destination XMPP server.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/


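The refusal rule in the proposed text above, sketched as an added example that is not part of the original message or of any gateway's code. The function name `gateway_may_translate` and the sample SIP requests are assumptions constructed for illustration; the check covers name-addr and bare addr-spec To values, the compact `t:` header form, folded header lines and case-insensitive schemes.

```python
import re

# URI inside a To value in name-addr form: optional (quoted) display name, then <uri>.
_NAME_ADDR = re.compile(r'^\s*(?:"(?:[^"\\]|\\.)*"|[^<"]*)\s*<([^>]+)>')

def _scheme(uri):
    """Lower-cased URI scheme; URI schemes compare case-insensitively."""
    return uri.strip().split(":", 1)[0].lower()

def _to_uri(value):
    """Extract the URI from a To header value (name-addr or bare addr-spec)."""
    m = _NAME_ADDR.match(value)
    # In addr-spec form, header parameters start at the first ';'.
    return m.group(1) if m else value.split(";", 1)[0]

def gateway_may_translate(raw_sip):
    """Return False when the Request-URI or the To header carries a SIPS URI,
    i.e. when the gateway must not translate or route the request to XMPP."""
    head = raw_sip.split("\r\n\r\n", 1)[0]
    head = re.sub(r"\r\n[ \t]+", " ", head)      # unfold continuation lines
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("SIP/"):
        raise ValueError("not a SIP request line")
    if _scheme(parts[1]) == "sips":              # Request-URI
        return False
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in ("to", "t"):   # "t" is the compact form
            if _scheme(_to_uri(value)) == "sips":
                return False
    return True

# Constructed sample requests (not captured traffic).
PLAIN = ("MESSAGE sip:juliet@example.com SIP/2.0\r\n"
         'To: "sips: fan" <sip:juliet@example.com>\r\n\r\nhello')
SIPS_RURI = ("MESSAGE sips:juliet@example.com SIP/2.0\r\n"
             "To: <sip:juliet@example.com>\r\n\r\nhello")
SIPS_TO = ("MESSAGE sip:juliet@example.com SIP/2.0\r\n"
           "t: Juliet\r\n <SIPS:juliet@example.com>;tag=1\r\n\r\nhello")

if __name__ == "__main__":
    for label, msg in (("plain", PLAIN), ("sips r-uri", SIPS_RURI), ("sips to", SIPS_TO)):
        print(label, "->", "translate" if gateway_may_translate(msg) else "refuse")
```

The display name in `PLAIN` deliberately contains the string "sips:" to show that only the URI itself is inspected.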