Re: [Sip] Signing P-Asserted-Identity
> -----Original Message-----
> From: Michael Thomas [mailto:mat at cisco.com]
>
> Indeed, DKIM has the same constraint as well. What I'm not entirely
> getting is why 4474 isn't sufficient for the overall goal.
That has been a source of debate for a couple years of mailing list traffic. :)
The problems identified so far, I think:
1) Most URIs are actually E.164s, either as Tels in SIP disguise, or as real Tels - and 4474 either can't apply to it, or shouldn't, or should - depending on who you ask and in what context. But E.164 is the elephant in the room.
2) 4474 signs things which many real-world cases will break the signature of, and thus has a deployment problem (whether that's fixable, or by design, is another topic of debate). But that's another elephant in the room, or maybe a lion, smaller but hairy.
3) 4474 is susceptible to cut/paste attacks - for example the baiting attack. That one's more like a clown, annoying but probably not deadly.
4) 4474 requires 4916 for called-identity, which some people aren't happy with I think. That one's more like a camel, a hump some people don't like the smell of.
At least I think that's the main tent. So basically what we got here is a circus, with some of us trying to tame the animals, while others prefer to sit and enjoy the show. :)
-hadriel