Re: [Stox] SIPS URIs and SIP/XMPP gateways - WAS: review: stox-core-04
Peter Saint-Andre <stpeter@stpeter.im> Mon, 30 September 2013 14:56 UTC
Return-Path: <stpeter@stpeter.im>
X-Original-To: stox@ietfa.amsl.com
Delivered-To: stox@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3AB7F21F9A19 for <stox@ietfa.amsl.com>; Mon, 30 Sep 2013 07:56:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.851
X-Spam-Level:
X-Spam-Status: No, score=-101.851 tagged_above=-999 required=5 tests=[AWL=-0.122, BAYES_00=-2.599, SARE_MLH_Stock1=0.87, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JG6WoCL82XjL for <stox@ietfa.amsl.com>; Mon, 30 Sep 2013 07:56:48 -0700 (PDT)
Received: from stpeter.im (mailhost.stpeter.im [207.210.219.225]) by ietfa.amsl.com (Postfix) with ESMTP id 1854F21F9A65 for <stox@ietf.org>; Mon, 30 Sep 2013 07:56:48 -0700 (PDT)
Received: from ergon.local (unknown [71.237.13.154]) (Authenticated sender: stpeter) by stpeter.im (Postfix) with ESMTPSA id D3D9B414CD; Mon, 30 Sep 2013 09:02:16 -0600 (MDT)
Message-ID: <5249912E.6060104@stpeter.im>
Date: Mon, 30 Sep 2013 08:56:46 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: "Olle E. Johansson" <oej@edvina.net>
References: <E44893DD4E290745BB608EB23FDDB7620A0CE34A@008-AM1MPN1-042.mgdnok.nokia.com> <52458C47.1010702@nostrum.com> <5245AEE7.4010000@stpeter.im> <5248DA2D.7080809@stpeter.im> <52497E86.5020302@nostrum.com> <77B75929-D2A5-4B75-821B-E637C55B0C95@edvina.net>
In-Reply-To: <77B75929-D2A5-4B75-821B-E637C55B0C95@edvina.net>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: fluffy@cisco.com, Jon Peterson <jon.peterson@neustar.biz>, stox@ietf.org, Markus.Isomaki@nokia.com, salvatore.loreto@ericsson.com, Robert Sparks <rjsparks@nostrum.com>
Subject: Re: [Stox] SIPS URIs and SIP/XMPP gateways - WAS: review: stox-core-04
X-BeenThere: stox@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: SIP-TO-XMPP Working Group discussion list <stox.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stox>, <mailto:stox-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stox>
List-Post: <mailto:stox@ietf.org>
List-Help: <mailto:stox-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stox>, <mailto:stox-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Sep 2013 14:56:53 -0000
On 9/30/13 7:43 AM, Olle E. Johansson wrote: > > 30 sep 2013 kl. 15:37 skrev Robert Sparks <rjsparks@nostrum.com>: > >> On 9/29/13 8:55 PM, Peter Saint-Andre wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> On 9/27/13 10:14 AM, Peter Saint-Andre wrote: >>>> On 9/27/13 7:46 AM, Robert Sparks wrote: >>>>> (Adding Jon) >>>>> Peter - is there nothing in XMPP that lets a client say "I want >>>>> this to use secure transports only - have it fail rather than >>>>> use an insecure transport anywhere along its delivery path?" >>>> No. That doesn't mean we don't need it (although in general people >>>> have thought we *wouldn't* need it if we could just define an >>>> end-to-end encryption method that solve all the relevant use >>>> cases). >>>> >>>>> That's the primary property you should discuss. Without putting >>>>> a lot of thinking into it, I suspect that if you _don't_ have a >>>>> way to express that available (which is what I'm taking away from >>>>> your last sentence), the right guidance in the document is to >>>>> refuse to gateway a SIP request that expresses that requirement. >>>> Indeed, that seems correct. >>>> >>>> Thanks for the guidance. >>> Here is proposed text: >>> >>> As specified in Section 26.4.4 of [RFC3261], a To header or a >>> Request-URI containing a SIPS URI is used to indicate that all hops >>> in a communication path need to be protected using Transport Layer >>> Security [RFC5246]. Because XMPP lacks a way to signal that all hops >>> need to be encrypted, if the To header or Request-URI of a SIP >>> message is a SIPS URI then the SIP-to-XMPP gateway MUST NOT translate >>> the SIP message into an XMPP stanza and MUST NOT route it to the >>> destination XMPP server. >> wfm. You might also talk about not using sips when going XMPP->SIP. >> If you haven't found it already, see also RFC5630. > > Agree. It will help a lot of developers to explain that even if you find NAPTR > records indicating that a destination ONLY supports TLS connections, > you will look up _sips._tcp in SRV but this does NOT mean that you are going > to use a SIPS: uri. The _sips SRV tag and the SIPS: uri are unfortunately > very similar but not directly related in a confusing way :-) Thanks for the notes. I'll review those today. Peter -- Peter Saint-Andre https://stpeter.im/
- [Stox] SIPS URIs and SIP/XMPP gateways - WAS: rev… Markus.Isomaki
- Re: [Stox] SIPS URIs and SIP/XMPP gateways - WAS:… Robert Sparks
- Re: [Stox] SIPS URIs and SIP/XMPP gateways - WAS:… Peter Saint-Andre
- Re: [Stox] SIPS URIs and SIP/XMPP gateways - WAS:… Peter Saint-Andre
- Re: [Stox] SIPS URIs and SIP/XMPP gateways - WAS:… Robert Sparks
- Re: [Stox] SIPS URIs and SIP/XMPP gateways - WAS:… Olle E. Johansson
- Re: [Stox] SIPS URIs and SIP/XMPP gateways - WAS:… Peter Saint-Andre