
[Sip] What good is SIPS:?




What does sips: do for us?

It allows the end-user to ask the proxies to apply hop-by-hop cryptography and authentication, with the assurance that proxies that support the spec will honor that request.

It's not a high level of security as it says nothing about and cannot detect non-compliant proxies, but it is a property that we don't have with any other SIP mechanism at this time.

Many people believe this is a useful property despite its limitations. People are apparently trying to use it today, with inconsistent results. Francois' draft is intended to at least help them produce consistent results.

As we think about alternatives or changes in specification, let's keep that one useful property in mind.

This leaves us with two questions, and we should try and differentiate further discussion by which question we're talking about:

1) Is it worth helping people get what they can out of SIPS: as roughly described in 3261, or is it so broken we should just suggest not bothering?


2) Do we need to do something beyond what sips:-as-per-RFC 3261 does, and if so, what properties does that something need to have? I personally suspect that there are three useful categories of "beyond":


a. Fix the last-hop exception and first-hop lack-of-exception, either by eliminating it/them or more clearly codifying what we're talking about.

b. Clarify the usage for non-TLS alternatives, if any.

c. Provide an end-to-end alternative that is fully verifiable by the UAC (and maybe the UAS). Of course, this leaves open the question of what happens if either node is a B2BUA.

_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip
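
The hop-by-hop property discussed in the message above can be inspected from the receiving side. This is an added example, not part of the original post: it lists the transport each hop recorded in its Via header and flags hops that did not record TLS, optionally tolerating the last hop. Assumptions: the function names and the sample request are constructed, only the `TLS` transport token counts as protected, and Via values contain no quoted commas.

```python
import re

# Constructed request as a UAS might receive it; all hosts are placeholders.
SAMPLE = (
    "INVITE sips:bob@example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP edge.example.net;branch=z9hG4bK3\r\n"
    "v: SIP/2.0/TLS p2.example.org;branch=z9hG4bK2,\r\n"
    "   SIP/2.0/TLS p1.example.com:5061;branch=z9hG4bK1\r\n"
    "Via: SIP / 2.0 / tls ua.example.com;branch=z9hG4bK0\r\n"
    "To: <sips:bob@example.net>\r\n"
    "\r\n"
    "v=0\r\n"
)

# sent-protocol and sent-by of one Via value; whitespace around "/" is legal.
VIA_PARM = re.compile(r"\s*SIP\s*/\s*2\.0\s*/\s*([A-Za-z0-9.+-]+)\s+([^;\s]+)")


def via_hops(raw):
    """Return [(transport, sent_by), ...], topmost Via (the last hop) first."""
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]   # drop the body
    head = re.sub(r"\r?\n[ \t]+", " ", head)             # unfold continuations
    hops = []
    for line in re.split(r"\r?\n", head)[1:]:            # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() not in ("via", "v"):     # "v" is the compact form
            continue
        for parm in value.split(","):
            m = VIA_PARM.match(parm)
            if m is None:
                raise ValueError("unparsable Via value: %r" % parm)
            hops.append((m.group(1).upper(), m.group(2)))
    return hops


def non_tls_hops(raw, allow_last_hop=False):
    """Hops whose Via transport is not TLS, as (index, transport, sent_by).

    Index 0 is the topmost Via, the hop that delivered the request to us;
    allow_last_hop=True skips it, modelling the last-hop exception.
    """
    start = 1 if allow_last_hop else 0
    return [(i, t, h) for i, (t, h) in enumerate(via_hops(raw))
            if i >= start and t != "TLS"]


if __name__ == "__main__":
    print(non_tls_hops(SAMPLE))                        # strict reading
    print(non_tls_hops(SAMPLE, allow_last_hop=True))   # last hop tolerated
```

Each Via entry is written by the hop it describes, so this reports what hops claimed and cannot expose a proxy that misreports its transport.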