[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sipping] Further proceeding with draft-ietf-sipping-update-pai--05

To: SIPPING LIST <sipping at ietf.org>, Cullen Jennings <fluffy at cisco.com>, "Peterson, Jon" <jon.peterson at neustar.biz>
Subject: [Sipping] Further proceeding with draft-ietf-sipping-update-pai--05
From: "Elwell, John" <john.elwell at siemens.com>
Date: Wed, 03 Sep 2008 08:35:40 +0100
Delivered-to: ietfarch-sipping-web-archive at core3.amsl.com
Delivered-to: sipping at core3.amsl.com
List-archive: <https://www.ietf.org/mailman/private/sipping>
List-help: <mailto:sipping-request@ietf.org?subject=help>
List-id: "SIPPING Working Group \(applications of SIP\)" <sipping.ietf.org>
List-post: <mailto:sipping@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=unsubscribe>
Sender: sipping-bounces at ietf.org
Thread-index: AckNl6pBCikkmzyURXK2g6Cr7rUY4A==
Thread-topic: Further proceeding with draft-ietf-sipping-update-pai--05

I received no feedback in the changes made in draft-05 concerning the
forward compatibility mechanism, nor on the particular issue I asked for
comments on:
http://www.ietf.org/mail-archive/web/sipping/current/msg16105.html
Therefore I assume these changes are acceptable.

So we have the one remaining issue concerning response authentication.
We had some list discussion on this, the last one being on 20th August:
http://www.ietf.org/mail-archive/web/sipping/current/msg16121.html

The use of PAI in responses is something that needs clarifying, because
RFC 3325 is ambiguous (sometimes it talks about SIP messages, other
times it specifically talks about requests). In one place it actually
states "message (request or response)".

So I think we have the following options:

1. Say nothing about responses at all, thereby leaving us with the
ambiguity that exists in RFC 3325. I don't think this is a sensible
option. A lot of the value of updating RFC 3325 is lost if we don't
tackle the response ambiguity issue.

2. Clarify the situation by stating that PAI (and PPI) MUST NOT be used
in responses. I would be very reluctant to go down this path, since I
know there is a lot of use of PAI in responses (e.g., in 3GPP).

3. Devise a mechanism that exploits TLS to achieve authenticated
response identity and use this in the update-pai draft. As Cullen
pointed out, this needs to be a separate and non-trivial piece of work,
probably done in the SIP WG. Waiting for this would hold up update-pai
for a considerable time.

4. Go ahead with the present update-pai draft, leaving it open how to
achieve authentication of a response. The present example of how to do
this (towards the end of section 3.3) is broken, so would have to be
removed, or at least qualified.

Any other options?

My preference is for option 4. Please let me know which options you
would prefer and which you would definitely not be happy with.

John

_______________________________________________
Sipping mailing list  https://www.ietf.org/mailman/listinfo/sipping
This list is for NEW development of the application of SIP
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sip at ietf.org for new developments of core SIP

Follow-Ups:
- Re: [Sipping] Further proceeding with draft-ietf-sipping-update-pai--05
  - From: Cullen Jennings

Prev by Date: [Sipping] RAI-ART comments on draft-ietf-sipping-service-identification-03
Next by Date: [Sipping] I-D Action:draft-ietf-sipping-cc-transfer-10.txt
Previous by thread: [Sipping] SIPPING WG Status - 29 August 2008
Next by thread: Re: [Sipping] Further proceeding with draft-ietf-sipping-update-pai--05
Index(es):
- Date
- Thread