[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Simple] MSRP-ACM Discussion Summary

To: Simple WG <simple at ietf.org>
Subject: [Simple] MSRP-ACM Discussion Summary
From: Ben Campbell <ben at nostrum.com>
Date: Mon, 18 May 2009 16:11:55 -0500
Delivered-to: simple at core3.amsl.com
List-archive: <http://www.ietf.org/mail-archive/web/simple>
List-help: <mailto:simple-request@ietf.org?subject=help>
List-id: SIP for Instant Messaging and Presence Leveraging Extensions <simple.ietf.org>
List-post: <mailto:simple@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/simple>, <mailto:simple-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/simple>, <mailto:simple-request@ietf.org?subject=unsubscribe>

(As individual)

The discussion thread on MSRP-ACM seems to be dying out, and I don'tthink we've reached closure on most of it. In order to jump start it,I am going to attempt to summarize the issues that I think are stillopen. I will start separate threads for each issue. Please reply to_this_ message to comment on whether I have offered a fair summary, ormischaracterized or omitted anything material. Please reply to thespecific issue threads to discuss the issues themselves.

1) We have consensus that the transport address connection parts(section 4.2 of draft-ietf-simple-msrp-acm-00) must allow backwardscompatibility with a peer that uses an RFC4976 MSRP relay. We have hadone proposal on how to accomplish this, which involved updating 4975to allow a middlebox to modify the authority part of an MSRP(S) URI inthe SDP "a=path" property.

We further determined that this proposal may interfere with the use ofMSRPS URIs (i.e. TLS) in the case where said middlebox is transparentto TLS. It modified an MSRPS URI to point to itself, but transparentlyrelays the TLS handshake to a relay (or other MSRP device that uses aTLS server cert.). The modified URI no longer matches the server cert,so things break.

We've had some discussion about using the comedia-TLS fingerprintmechanism for certificate matching rather than SubjectAltName matchingto get around this issue. This discussion is far from "baked". We'vealso had some objection (primarily from Jon) to doing work around anew class of MSRP TLS intermediary without better describing thatintermediary, as well as concerns (primarily from Ben ) aboutstandardizing MSRP mechanisms to work with non-standardizedmiddleboxes without a better understanding of them.

2) We have little or no objection to the usage of the comedia "setup"attribute (section 4.1 of draft-ietf-simple-msrp-acm-00. )


Is this a fair summary? Have I mischaracterized or missed anything?

Follow-Ups:
- Re: [Simple] MSRP-ACM Discussion Summary
  - From: Ben Campbell

Prev by Date: Re: [Simple] MSRP-ACM compatibility
Next by Date: Re: [Simple] MSRP-ACM compatibility
Previous by thread: Re: [Simple] WGLC Review: draft-ietf-simple-chat-04
Next by thread: Re: [Simple] MSRP-ACM Discussion Summary
Index(es):
- Date
- Thread