RE: [Sip] RE: Use of AIB in referredby

["Mary Barnes" <mbarnes@nortelnetworks.com>]

My general preference is to be more explicit and towards that end I would
think a different Content-Disposition disposition-type could be useful.
That said, if AIB were as general as Robert suggested initially, then it
could possibly be reused even for the Inserted headers (like History-Info),
where I'm currently modeling the solution after AIB, but was planning on a
new Content-Disposition disposition-type.  However, even I would agree that
the Inserted Headers are more different than the original intent of AIB than
the Referred-by use and again I do prefer to be more explicit.

Mary.

-----Original Message-----
From: Peterson, Jon [mailto:jon.peterson@neustar.biz]
Sent: Friday, June 13, 2003 2:17 AM
To: 'Robert Sparks'; sip@ietf.org
Subject: [Sip] RE: Use of AIB in referredby



I look at the AIB as the application of sipfrags to the problem described in
RFC3261 23.4 - the tunneling of integrity and authentication properties
within the MIME bodies of SIP messages. In the AIB, these properties are
intended to provide identity, hence the name 'authenticated identity body'.
I think that the usage in referredby is sufficiently close to that purpose,
providing authenticated identity within a body, that I don't think we have a
problem with reuse of the term.

The real question, I think, is whether or not there is any value in
differentiating an AIB resulting from a REFER from any other AIB (such as a
'normal' one representing the sender of an INVITE) that might be in a
request. Surely these need to be differentiated somehow - the signature on
the AIB itself would be one indicator, as would the headers in the body, but
Content-Disposition is another point at which the two could be
distinguished. 

I don't have a strong intuition about whether or not the use of a different
Content-Disposition would be valuable.

Jon Peterson
NeuStar, Inc.

> -----Original Message-----
> From: Robert Sparks [mailto:rsparks@dynamicsoft.com]
> Sent: Monday, June 09, 2003 1:00 PM
> To: sip@ietf.org
> Cc: Jon Peterson
> Subject: Use of AIB in referredby
> 
> 
> Several weeks ago, Pekka made a suggestion that I would like to
> follow up on now (sorry for the very long delay Pekka). His 
> suggestion was to use a different Content-Disposition
> disposition-type for referredby-tokens.
> 
> This draws attention to what the "aib" value means. 
> 
> Is it merely a synonym for "signed message/sipfrag"? If so, the
> authid-body draft defines the value _and_ specifies one particular
> use of a body with that disposition type (providing integrity and
> authentication of sender for a single message). Other uses are valid,
> so we should reuse it and not add noise to the IANA registry.
> 
> If, instead, "aib" means "signed message/sipfrag with these
> particular security implications", then our referredby token
> is _not_ an aib. It's something _like_ an aib, but with 
> slightly different requirements, and artifacts in the protocol
> (like the disposition-type) should probably reflect that. If this
> is the case, referredby could register something like "RBIB"
> (ReferredBy Identity Body), or, treading much more dangerous ground,
> "TPIB" (Third Party Identity Body).
> 
> So, which of the above meanings for AIB is auth-id body establishing?
> 
> RjS
> 
> 
_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip
_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip