Re: [Stox] SIPS URIs and SIP/XMPP gateways - WAS: review: stox-core-04
"Olle E. Johansson" <oej@edvina.net> Mon, 30 September 2013 13:43 UTC
Return-Path: <oej@edvina.net>
X-Original-To: stox@ietfa.amsl.com
Delivered-To: stox@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9929E21F9B7F for <stox@ietfa.amsl.com>; Mon, 30 Sep 2013 06:43:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.049
X-Spam-Level:
X-Spam-Status: No, score=-2.049 tagged_above=-999 required=5 tests=[AWL=-0.320, BAYES_00=-2.599, SARE_MLH_Stock1=0.87]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cxzZS8EMDX1Y for <stox@ietfa.amsl.com>; Mon, 30 Sep 2013 06:43:38 -0700 (PDT)
Received: from smtp7.webway.se (smtp7.webway.se [IPv6:2a02:920:212e::205]) by ietfa.amsl.com (Postfix) with ESMTP id C66E821F9399 for <stox@ietf.org>; Mon, 30 Sep 2013 06:43:36 -0700 (PDT)
Received: from [192.168.40.76] (h87-96-134-129.dynamic.se.alltele.net [87.96.134.129]) by smtp7.webway.se (Postfix) with ESMTPA id F2CCA93C2A3; Mon, 30 Sep 2013 13:43:33 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: "Olle E. Johansson" <oej@edvina.net>
In-Reply-To: <52497E86.5020302@nostrum.com>
Date: Mon, 30 Sep 2013 15:43:33 +0200
Content-Transfer-Encoding: quoted-printable
Message-Id: <77B75929-D2A5-4B75-821B-E637C55B0C95@edvina.net>
References: <E44893DD4E290745BB608EB23FDDB7620A0CE34A@008-AM1MPN1-042.mgdnok.nokia.com> <52458C47.1010702@nostrum.com> <5245AEE7.4010000@stpeter.im> <5248DA2D.7080809@stpeter.im> <52497E86.5020302@nostrum.com>
To: Robert Sparks <rjsparks@nostrum.com>
X-Mailer: Apple Mail (2.1510)
Cc: fluffy@cisco.com, Jon Peterson <jon.peterson@neustar.biz>, stox@ietf.org, "Olle E. Johansson" <oej@edvina.net>, Markus.Isomaki@nokia.com, Peter Saint-Andre <stpeter@stpeter.im>, salvatore.loreto@ericsson.com
Subject: Re: [Stox] SIPS URIs and SIP/XMPP gateways - WAS: review: stox-core-04
X-BeenThere: stox@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: SIP-TO-XMPP Working Group discussion list <stox.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stox>, <mailto:stox-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stox>
List-Post: <mailto:stox@ietf.org>
List-Help: <mailto:stox-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stox>, <mailto:stox-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Sep 2013 13:43:38 -0000
30 sep 2013 kl. 15:37 skrev Robert Sparks <rjsparks@nostrum.com>: > On 9/29/13 8:55 PM, Peter Saint-Andre wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On 9/27/13 10:14 AM, Peter Saint-Andre wrote: >>> On 9/27/13 7:46 AM, Robert Sparks wrote: >>>> (Adding Jon) >>>> Peter - is there nothing in XMPP that lets a client say "I want >>>> this to use secure transports only - have it fail rather than >>>> use an insecure transport anywhere along its delivery path?" >>> No. That doesn't mean we don't need it (although in general people >>> have thought we *wouldn't* need it if we could just define an >>> end-to-end encryption method that solve all the relevant use >>> cases). >>> >>>> That's the primary property you should discuss. Without putting >>>> a lot of thinking into it, I suspect that if you _don't_ have a >>>> way to express that available (which is what I'm taking away from >>>> your last sentence), the right guidance in the document is to >>>> refuse to gateway a SIP request that expresses that requirement. >>> Indeed, that seems correct. >>> >>> Thanks for the guidance. >> Here is proposed text: >> >> As specified in Section 26.4.4 of [RFC3261], a To header or a >> Request-URI containing a SIPS URI is used to indicate that all hops >> in a communication path need to be protected using Transport Layer >> Security [RFC5246]. Because XMPP lacks a way to signal that all hops >> need to be encrypted, if the To header or Request-URI of a SIP >> message is a SIPS URI then the SIP-to-XMPP gateway MUST NOT translate >> the SIP message into an XMPP stanza and MUST NOT route it to the >> destination XMPP server. > wfm. You might also talk about not using sips when going XMPP->SIP. > If you haven't found it already, see also RFC5630. Agree. It will help a lot of developers to explain that even if you find NAPTR records indicating that a destination ONLY supports TLS connections, you will look up _sips._tcp in SRV but this does NOT mean that you are going to use a SIPS: uri. The _sips SRV tag and the SIPS: uri are unfortunately very similar but not directly related in a confusing way :-) /O
- [Stox] SIPS URIs and SIP/XMPP gateways - WAS: rev… Markus.Isomaki
- Re: [Stox] SIPS URIs and SIP/XMPP gateways - WAS:… Robert Sparks
- Re: [Stox] SIPS URIs and SIP/XMPP gateways - WAS:… Peter Saint-Andre
- Re: [Stox] SIPS URIs and SIP/XMPP gateways - WAS:… Peter Saint-Andre
- Re: [Stox] SIPS URIs and SIP/XMPP gateways - WAS:… Robert Sparks
- Re: [Stox] SIPS URIs and SIP/XMPP gateways - WAS:… Olle E. Johansson
- Re: [Stox] SIPS URIs and SIP/XMPP gateways - WAS:… Peter Saint-Andre