Re: [Stox] I-D Action: draft-ietf-stox-im-04.txt - forking MESSAGE

"Olle E. Johansson" <oej@edvina.net> Thu, 03 October 2013 06:33 UTC

Return-Path: <oej@edvina.net>
X-Original-To: stox@ietfa.amsl.com
Delivered-To: stox@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 429AB21F9360 for <stox@ietfa.amsl.com>; Wed, 2 Oct 2013 23:33:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.728
X-Spam-Level:
X-Spam-Status: No, score=-1.728 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, SARE_MLH_Stock1=0.87]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jaw0r9xG5uq7 for <stox@ietfa.amsl.com>; Wed, 2 Oct 2013 23:33:04 -0700 (PDT)
Received: from smtp7.webway.se (smtp7.webway.se [IPv6:2a02:920:212e::205]) by ietfa.amsl.com (Postfix) with ESMTP id 0236821F9EAD for <stox@ietf.org>; Wed, 2 Oct 2013 23:32:44 -0700 (PDT)
Received: from [192.168.40.16] (h87-96-134-129.dynamic.se.alltele.net [87.96.134.129]) by smtp7.webway.se (Postfix) with ESMTPA id 7453B93C2A1; Thu, 3 Oct 2013 06:32:41 +0000 (UTC)
Content-Type: multipart/alternative; boundary="Apple-Mail=_C89F650C-BFF4-4E0B-8EB4-CBCC15BEE14E"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: "Olle E. Johansson" <oej@edvina.net>
In-Reply-To: <524CA1CD.2060301@stpeter.im>
Date: Thu, 3 Oct 2013 08:32:40 +0200
Message-Id: <31791EBC-47AE-4CF4-B3DB-D9991CDF51A4@edvina.net>
References: <20130930215620.31558.59064.idtracker@ietfa.amsl.com> <524A7056.20900@gmail.com> <EBF04D25-027D-4C5C-BF14-0D51A215587D@edvina.net> <524CA1CD.2060301@stpeter.im>
To: Peter Saint-Andre <stpeter@stpeter.im>
X-Mailer: Apple Mail (2.1510)
Cc: stox@ietf.org, "Olle E. Johansson" <oej@edvina.net>
Subject: Re: [Stox] I-D Action: draft-ietf-stox-im-04.txt - forking MESSAGE
X-BeenThere: stox@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: SIP-TO-XMPP Working Group discussion list <stox.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stox>, <mailto:stox-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stox>
List-Post: <mailto:stox@ietf.org>
List-Help: <mailto:stox-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stox>, <mailto:stox-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Oct 2013 06:33:11 -0000

3 okt 2013 kl. 00:44 skrev Peter Saint-Andre <stpeter@stpeter.im>im>:

>> - A SIP MESSAGE can fork. The draft doesn't mention that,
>> something that may have impact on implementations. There's a JID on
>> one side - but a forking address on the other side of this spec. -
>> A SIP MESSAGE can be delivered inside of a dialog and outside of a
>> dialog. Inside of a dialog is maybe out of scope for this draft,
>> but in that case the remote target will be a contact address, maybe
>> even a GRUU.
> 
> Hmm, and here I thought we might be able to discuss forking only in
> the media I-D. But I think you're right that we need to discuss it
> here, too. What specification has the best coverage of forking? Or is
> this part of the "oral tradition" in the SIP community?

Forking is covered in RFC 3261. Luckily there's no "early text" or that kind of issues
with forking a message - you will only get one 200 OK back (as opposed to INVITE),
which also means you will not see how many destinations that got the MESSAGE.
You can not CANCEL a MESSAGE either. You may get authentication requests as always.

RFC 4328 states:

"When one user wishes to send an instant message to another, the
   sender formulates and issues a SIP request using the new MESSAGE
   method defined by this document.  The Request-URI of this request
   will normally be the "address of record" for the recipient of the
   instant message, but it may be a device address in situations where
   the client has current information about the recipient's location."

So if you have a subscription for registration information on the AOR,
you might select a contact/GRUU to send a message too. 

It also states:

"Note that a downstream proxy could fork a MESSAGE request.  If this
   occurs, the forking proxy will forward one final response upstream,
   even though it may receive multiple final responses.  The UAC will
   have no way to detect whether or not a fork occurs.  Therefore the
   UAC MUST NOT assume that a given final response represents the only
   UAS that receives the request.  For example, multiple branches of a
   fork could have resulted in 2xx responses.  Even though the UAC only
   sees one of those responses, the request has in fact been received by
   the second device as well.
"

All of this makes MESSAGE quite a poor solution for messages you want kept private.
You don't know where it's sent and even if there's authentication on the receiving side,
anyone that gets the unauthenticated request still can access the message unless
of course there's S/MIME involved. 

Well, there was a reason MSRP was developed later. ;-)


/O