Re: [Stox] SIPS URIs and SIP/XMPP gateways - WAS: review: stox-core-04

Peter Saint-Andre <> Mon, 30 September 2013 14:56 UTC

From: Peter Saint-Andre <>
Date: Mon, 30 Sep 2013 08:56:46 -0600
To: "Olle E. Johansson" <>
Cc: Jon Peterson <>, Robert Sparks <>
Subject: Re: [Stox] SIPS URIs and SIP/XMPP gateways - WAS: review: stox-core-04
List-Id: SIP-TO-XMPP Working Group discussion list <>

On 9/30/13 7:43 AM, Olle E. Johansson wrote:
> On 30 Sep 2013 at 15:37, Robert Sparks <> wrote:
>> On 9/29/13 8:55 PM, Peter Saint-Andre wrote:
>>> On 9/27/13 10:14 AM, Peter Saint-Andre wrote:
>>>> On 9/27/13 7:46 AM, Robert Sparks wrote:
>>>>> (Adding Jon)
>>>>> Peter - is there nothing in XMPP that lets a client say "I want
>>>>> this to use secure transports only - have it fail rather than
>>>>> use an insecure transport anywhere along its delivery path?"
>>>> No. That doesn't mean we don't need it (although in general people
>>>> have thought we *wouldn't* need it if we could just define an
>>>> end-to-end encryption method that solves all the relevant use
>>>> cases).
>>>>> That's the primary property you should discuss. Without putting
>>>>> a lot of thinking into it, I suspect that if you _don't_ have a
>>>>> way to express that available (which is what I'm taking away from
>>>>> your last sentence), the right guidance in the document is to
>>>>> refuse to gateway a SIP request that expresses that requirement.
>>>> Indeed, that seems correct.
>>>> Thanks for the guidance.
>>> Here is proposed text:
>>>    As specified in Section 26.4.4 of [RFC3261], a To header or a
>>>    Request-URI containing a SIPS URI is used to indicate that all hops
>>>    in a communication path need to be protected using Transport Layer
>>>    Security [RFC5246].  Because XMPP lacks a way to signal that all hops
>>>    need to be encrypted, if the To header or Request-URI of a SIP
>>>    message is a SIPS URI then the SIP-to-XMPP gateway MUST NOT translate
>>>    the SIP message into an XMPP stanza and MUST NOT route it to the
>>>    destination XMPP server.
>> wfm. You might also talk about not using sips when going XMPP->SIP.
>> If you haven't found it already, see also RFC5630.
> Agree. It will help a lot of developers to explain that even if you find NAPTR
> records indicating that a destination ONLY supports TLS connections,
> you will look up _sips._tcp in SRV but this does NOT mean that you are going
> to use a SIPS: uri. The _sips SRV tag and the SIPS: uri are unfortunately
> very similar but not directly related in a confusing way :-)

Thanks for the notes. I'll review those today.


Peter Saint-Andre
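The gateway rule in the proposed text, worked through as an added example (this is illustrative code written for this page, not code from the stox draft or from any SIP/XMPP gateway; the SIP requests, hostnames and function names are constructed). It parses a SIP request, pulls the URI out of the Request-URI and the To header (name-addr form, bare addr-spec form, and the compact "t:" header name), and refuses to gateway when either is a SIPS URI. The second sample is a sip: request that arrived over TLS; the decision keys only on the URI scheme, so it is still translated, which is the distinction Olle points out between a TLS transport (found via `_sips._tcp`) and a sips: URI.

```python
"""Gateway-side SIPS URI check, as proposed for stox-core.

Added example for illustration; not the draft's or any gateway's code.
All SIP messages below are constructed for this example.
"""
import re
from typing import Dict, Optional, Tuple

# Compact header names (RFC 3261 section 7.3.3) that this check cares about.
COMPACT = {"t": "to"}


def parse_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a SIP request into (method, request_uri, headers).

    Header names are lower-cased and expanded from compact form.  Repeated
    headers are joined with ','; only To matters here and it occurs once.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, request_uri, version = lines[0].split(" ", 2)
    if not version.startswith("SIP/2.0"):
        raise ValueError("not a SIP/2.0 request line")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        name = COMPACT.get(name.strip().lower(), name.strip().lower())
        value = value.strip()
        headers[name] = value if name not in headers else headers[name] + "," + value
    return method, request_uri, headers


def addr_spec(header_value: str) -> str:
    """Return the URI from a To/From value, in name-addr or addr-spec form."""
    m = re.search(r"<([^>]+)>", header_value)
    if m:
        return m.group(1)
    # Bare addr-spec: anything after ';' is a header parameter (e.g. tag),
    # not part of the URI.
    return header_value.split(";", 1)[0].strip()


def scheme(uri: str) -> str:
    """URI scheme, lower-cased, so 'SIPS:' and 'sips:' compare equal."""
    return uri.split(":", 1)[0].strip().lower()


def gateway_decision(raw: str) -> Tuple[str, Optional[str]]:
    """Return ('refuse', reason) or ('translate', None).

    A SIPS URI in the Request-URI or To header asks for TLS on every hop
    (RFC 3261 section 26.4.4).  XMPP has no way to carry that requirement,
    so the gateway refuses instead of silently downgrading.  Whether the
    SIP hop itself used TLS (the Via transport) is deliberately ignored.
    """
    _, request_uri, headers = parse_request(raw)
    if scheme(request_uri) == "sips":
        return "refuse", "Request-URI is a SIPS URI"
    to = headers.get("to")
    if to is not None and scheme(addr_spec(to)) == "sips":
        return "refuse", "To header is a SIPS URI"
    return "translate", None


# Constructed sample 1: SIPS URI in both Request-URI and To.
SIPS_REQUEST = (
    "MESSAGE sips:juliet@example.net SIP/2.0\r\n"
    "Via: SIP/2.0/TLS client.example.com;branch=z9hG4bK776sgdkse\r\n"
    "To: <sips:juliet@example.net>\r\n"
    "From: \"Romeo\" <sip:romeo@example.com>;tag=49583\r\n"
    "Call-ID: asd88asd77a@client.example.com\r\n"
    "CSeq: 1 MESSAGE\r\n"
    "Content-Type: text/plain\r\n"
    "Content-Length: 5\r\n"
    "\r\n"
    "Hello"
)

# Constructed sample 2: sip: URIs delivered over TLS, compact To header.
# The transport was TLS (it could have been found via _sips._tcp), but the
# URI scheme is sip:, so nothing asks for TLS on every hop.
SIP_OVER_TLS_REQUEST = SIPS_REQUEST.replace(
    "MESSAGE sips:juliet@example.net", "MESSAGE sip:juliet@example.net"
).replace("To: <sips:juliet@example.net>", "t: sip:juliet@example.net;tag=1928301774")

# Constructed sample 3: sip: Request-URI, but the To header is sips:.
SIPS_TO_ONLY_REQUEST = SIPS_REQUEST.replace(
    "MESSAGE sips:juliet@example.net", "MESSAGE sip:juliet@example.net"
)

if __name__ == "__main__":
    for name, req in [("sips", SIPS_REQUEST),
                      ("sip over TLS", SIP_OVER_TLS_REQUEST),
                      ("sips in To only", SIPS_TO_ONLY_REQUEST)]:
        print(name, "->", gateway_decision(req))
```

The check looks only at the Request-URI and the To header, which is exactly what the proposed text names; a sips: URI appearing elsewhere (From, Contact, a Route set) is not part of that rule and is left alone here. What the gateway sends back to the SIP side on refusal is not specified in the thread, so the function returns a decision and a reason and leaves the response to the caller.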