[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] RE: TLS meaning

To: Francois Audet <audet at nortel.com>
Subject: Re: [Sip] RE: TLS meaning
From: Michael Thomas <mat at cisco.com>
Date: Fri, 27 Oct 2006 16:32:44 -0700
Authentication-results: sj-dkim-1.cisco.com; header.From=mat@cisco.com; dkim=pass ( sig from cisco.com verified; );
Cc: IETF SIP List <sip at ietf.org>
Dkim-signature: a=rsa-sha1; q=dns; l=1916; t=1161991965; x=1162855965; c=relaxed/simple; s=sjdkim1002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=mat@cisco.com; z=From:Michael=20Thomas=20<mat@cisco.com> |Subject:Re=3A=20[Sip]=20RE=3A=20TLS=20meaning; X=v=3Dcisco.com=3B=20h=3D1GsuDSiA2v9kYoGCLcomcEiV93I=3D; b=DT7YBEPT9Dx+WV3CegCMAIWW5amjUd930lBpez6hmcngJTIpJoFYn297AkDSvo1odXVsRVKn IXlxCmxw6QupsoZOi114Q0rFiE68z+qshxd9UryDp1Pxlq4jdyK9Bv6S;
In-reply-to: <1ECE0EB50388174790F9694F77522CCF0DC29639@zrc2hxm0.corp.nortel.com>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
References: <1ECE0EB50388174790F9694F77522CCF0DC29639@zrc2hxm0.corp.nortel.com>
User-agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; rv:1.7.3) Gecko/20040913 Thunderbird/0.8 Mnenhy/0.7.2.0

Francois Audet wrote:

-----Original Message----- From: Michael Thomas [mailto:mat at cisco.com] Sent: Friday, October 27, 2006 4:20 PM To: Audet, Francois (SC100:3055) Cc: IETF SIP List Subject: Re: [Sip] RE: TLS meaning
Francois Audet wrote:
Please calm down.
Here is one simple scenario.
I deploy an Enteprise SIP network. I install 10 SIP proxies
accross the

Corporate Network. All the proxies are certified to properly

implement

SIPS. All the phones are also certified to implement SIPS

properly. I
know, because I am responsible for the network.
An end user can call another end-user within that network with the certitude that if sips is used, it will be secured end-to-end.
How about an example when it's not all within the same administrative entity. How abouts some examples that resemble, oh say, the mail system. These have always been where my concerns are. Within my own domain, I don't need SIPS; I can do that by executive fiat.
In that case, if you don't have trust with them, then don't use
sips. As simple as that.
Yes you need sips in your own domain, because some devices support TLS, others don't. Some users want to be addressed securily, others don't.

No. I do not require a signaling element to decide whether to route via
SIP/TLS or  just SIP. I can just as easily statically provision it. Or I can
try it on a SIP/TLS listener port first. Or any other way to do the same
thing.

In any case, you didn't respond to my point that SIPS is not end to end
security. That's just false on its face, and the seeming fact that you don't
get the difference is the tip of a very problematic iceberg.

      Mike

_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip

Follow-Ups:
- [Sip] What good is SIPS:?
  - From: Dean Willis
- RE: [Sip] RE: TLS meaning
  - From: Francois Audet

References:
- RE: [Sip] RE: TLS meaning
  - From: Francois Audet

Prev by Date: RE: [Sip] RE: TLS meaning
Next by Date: RE: [Sip] RE: TLS meaning
Previous by thread: RE: [Sip] RE: TLS meaning
Next by thread: RE: [Sip] RE: TLS meaning
Index(es):
- Date
- Thread