Re: [Sipping] Decision needed on final issue with draft-ietf-sipping-update-pai-07

[Dean Willis <dean.willis at softarmor.com>]

"See IMS". 3GPP references our standards, we can reference theirs.

On Oct 24, 2008, at 1:10 AM, Elwell, John wrote:

> Dean,
>
> It seemed that to get the draft through IESG, it needed to cite at  
> least
> one mechanism by which a response can be authenticated (likewise ACK  
> and
> CANCEL). The mechanism in earlier drafts, whereby the response is
> received over a TLS connection over which digest authentication had
> previously taken place, was shown to be flawed. Nobody seemed able to
> offer a robust and standardised alternative. If somebody can put  
> forward
> a robust and standardised alternative that can convince those with
> concerns, I would be happy to re-instate the response stuff.
>
> John
>
> > -----Original Message-----
> > From: Dean Willis [mailto:dean.willis at softarmor.com]
> > Sent: 23 October 2008 19:46
> > To: Elwell, John
> > Cc: sipping at ietf.org
> > Subject: Re: [Sipping] Decision needed on final issue with
> > draft-ietf-sipping-update-pai-07
> >
> >
> > On Oct 23, 2008, at 9:18 AM, Elwell, John wrote:
> >
> > > I need a decision on one outstanding issue. We previously
> > agreed that
> > > PAI could be used in any request. We recently agreed to remove
> > > specification of PAI in responses because there is no standardised
> > > means
> > > of authenticating a UAS. Brett Tate pointed out that
> > likewise there is
> > > no standardised means of authenticating a UAC when it sends
> > CANCEL or
> > > ACK (these cannot be challenged, and cannot be rejected if
> > > authentication is wrong). I have so far received no further
> > opinions
> > > on
> > > this. To be consistent I believe we have to make exceptions
> > of CANCEL
> > > and ACK and say that PAI cannot be used with these methods.
> > >
> > > If I receive no objections by 26th October I will update
> > the draft on
> > > 27th.
> >
> > The problems is that some network architectures DO allow
> > authentication of both responses and CANCEL/ACK.
> >
> > PAI is quite widely used in those networks. In fact, it came
> > to us as
> > a P-header for use specifically in those networks.
> >
> > What is probably needed is an applicability statement that explains
> > the environment in which PAI is usable in "digest authenticable
> > requests" , and goes on to explain the environment in which PAI is
> > usable in other requests and responses.
> >
> > --
> > Dean

_______________________________________________
Sipping mailing list  https://www.ietf.org/mailman/listinfo/sipping
This list is for NEW development of the application of SIP
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sip at ietf.org for new developments of core SIP