[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Sip] RE: TLS meaning

To: "Michael Thomas" <mat at cisco.com>
Subject: RE: [Sip] RE: TLS meaning
From: "Francois Audet" <audet at nortel.com>
Date: Fri, 27 Oct 2006 18:26:03 -0500
Cc: IETF SIP List <sip at ietf.org>
In-reply-to: <45429425.1020602@cisco.com>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
Thread-index: Acb6HnaoraB5KHLIS0ikZAADrG7rQQAAIYUA
Thread-topic: [Sip] RE: TLS meaning

 

> -----Original Message-----
> From: Michael Thomas [mailto:mat at cisco.com] 
> Sent: Friday, October 27, 2006 4:20 PM
> To: Audet, Francois (SC100:3055)
> Cc: IETF SIP List
> Subject: Re: [Sip] RE: TLS meaning
> 
> Francois Audet wrote:
> 
> >Please calm down.
> >
> >Here is one simple scenario.
> >
> >I deploy an Enteprise SIP network. I install 10 SIP proxies 
> accross the 
> >Corporate Network. All the proxies are certified to properly 
> implement 
> >SIPS. All the phones are also certified to implement SIPS 
> properly. I 
> >know, because I am responsible for the network.
> >
> >An end user can call another end-user within that network with the 
> >certitude that if sips is used, it will be secured end-to-end.
> >
> 
> How about an example when it's not all within the same 
> administrative entity. How abouts some examples that 
> resemble, oh say, the mail system.
> These have always been where my concerns are. Within my own 
> domain, I don't need SIPS; I can do that by executive fiat.

In that case, if you don't have trust with them, then don't use
sips. As simple as that.

Yes you need sips in your own domain, because some devices support TLS, 
others don't. Some users want to be addressed securily, others don't.



_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip





5-Ny
	for sip at ietf.org; Fri, 27 Oct 2006 19:26:10 -0400
Received: from zrtps0kn.nortel.com ([47.140.192.55])
	by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gdb5V-0001wM-FN
	for sip at ietf.org; Fri, 27 Oct 2006 19:26:10 -0400
Received: from zrc2hxm0.corp.nortel.com (zrc2hxm0.corp.nortel.com
	[47.103.123.71])
	by zrtps0kn.nortel.com (Switch-2.2.6/Switch-2.2.0) with ESMTP id
	k9RNQ5P04415; Fri, 27 Oct 2006 19:26:06 -0400 (EDT)
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Sip] RE: TLS meaning
Date: Fri, 27 Oct 2006 18:26:03 -0500
Message-ID: <1ECE0EB50388174790F9694F77522CCF0DC29639 at zrc2hxm0.corp.nortel.com>
In-Reply-To: <45429425.1020602 at cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Sip] RE: TLS meaning
Thread-Index: Acb6HnaoraB5KHLIS0ikZAADrG7rQQAAIYUA
From: "Francois Audet" <audet at nortel.com>
To: "Michael Thomas" <mat at cisco.com>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7baded97d9887f7a0c7e8a33c2e3ea1b
Cc: IETF SIP List <sip at ietf.org>
X-BeenThere: sip at ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>,
	<mailto:sip-request at ietf.org?subject=unsubscribe>
List-Post: <mailto:sip at ietf.org>
List-Help: <mailto:sip-request at ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>,
	<mailto:sip-request at ietf.org?subject=subscribe>
Errors-To: sip-bounces at ietf.org

 

> -----Original Message-----
> From: Michael Thomas [mailto:mat at cisco.com] 
> Sent: Friday, October 27, 2006 4:20 PM
> To: Audet, Francois (SC100:3055)
> Cc: IETF SIP List
> Subject: Re: [Sip] RE: TLS meaning
> 
> Francois Audet wrote:
> 
> >Please calm down.
> >
> >Here is one simple scenario.
> >
> >I deploy an Enteprise SIP network. I install 10 SIP proxies 
> accross the 
> >Corporate Network. All the proxies are certified to properly 
> implement 
> >SIPS. All the phones are also certified to implement SIPS 
> properly. I 
> >know, because I am responsible for the network.
> >
> >An end user can call another end-user within that network with the 
> >certitude that if sips is used, it will be secured end-to-end.
> >
> 
> How about an example when it's not all within the same 
> administrative entity. How abouts some examples that 
> resemble, oh say, the mail system.
> These have always been where my concerns are. Within my own 
> domain, I don't need SIPS; I can do that by executive fiat.

In that case, if you don't have trust with them, then don't use
sips. As simple as that.

Yes you need sips in your own domain, because some devices support TLS, 
others don't. Some users want to be addressed securily, others don't.



_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip

Follow-Ups:
- Re: [Sip] RE: TLS meaning
  - From: Michael Thomas

References:
- Re: [Sip] RE: TLS meaning
  - From: Michael Thomas

Prev by Date: [no subject]
Next by Date: [Sip] Feedback Requested: draft-johns-sip-outbound-middialog
Previous by thread: Re: [Sip] RE: TLS meaning
Next by thread: Re: [Sip] RE: TLS meaning
Index(es):
- Date
- Thread