Re: [Sipping] Further proceeding with draft-ietf-sipping-update-pai--05

["Elwell, John" <john.elwell at siemens.com>]

First, thanks Cullen for clarifying a confusing situation.

Second, to the SIPPING WG. Because of the views clearly expressed by
Cullen below (as an individual and as an AD), it seems we should remove
everything on responses in the update-pai draft, except to say that PAI
is not currently defined for responses but future specifications may do
so.

If I hear no objections to this approach by 2008-10-09 (1 week from now)
I will carry out the necessary edits and post an 07 version.

John 

> -----Original Message-----
> From: Cullen Jennings [mailto:fluffy at cisco.com] 
> Sent: 02 October 2008 22:21
> To: Elwell, John
> Cc: Francois Audet; Mary Barnes; sipping
> Subject: Re: [Sipping] Further proceeding with 
> draft-ietf-sipping-update-pai--05
> 
> 
> My apologies for the confusing email. I hope I was not confusing in  
> saying in my view as an individual was that the right path is "where  
> we say that PAI is not currently defined for responses but  future  
> specifications may do so. " If there is anything I can say to make  
> this clearer, please ping me on it and I will do my best. I 
> want to be  
> clear.  More below
> 
> 
> On Oct 2, 2008, at 12:37 , Elwell, John wrote:
> 
> > "4. Go ahead with the present update-pai draft, leaving it 
> open how to
> > achieve authentication of a response. The present example 
> of how to do
> > this (towards the end of section 3.3) is broken, so would have to be
> > removed, or at least qualified."
> 
> When I read this, I was imagining that this draft was not going to  
> have new work about how to make authenticated response 
> identity work.  
> It would not say that future RFC could not do this ... it 
> would "leave  
> it open" but it would not say how to do it here. The obvious  
> implication of this to me (and I say obvious to me because I realize  
> this was not obvious to others) was that this would mean we 
> would not  
> have identity in responses. My apologies for taking this the 
> wrong way  
> and introducing confusion.
> 
> I suspect that the work of  providing Identity in responses would be  
> fundamental new security extensions of SIP and need to be 
> done in SIP.  
> I also personally believe that IESG is unlikely to pass an documents  
> that says to implement the specification you have to authenticate a  
> response but there is no defined way to do so. I will point out this  
> exact topic of authentication of responses was extensively discussed  
> in the work that lead to RFC 4916 where the WG came to consensus to  
> not do this.
> 
> This is just my rough personal opinion and trying to explain reasons  
> why - if you think this is the wrong direction, lets get on a phone  
> call and talk about it with appropriate folks and try and sort out  
> what makes sense.
> 
> Thanks, Cullen
> 
_______________________________________________
Sipping mailing list  https://www.ietf.org/mailman/listinfo/sipping
This list is for NEW development of the application of SIP
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sip at ietf.org for new developments of core SIP