[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sipping] Decision needed on final issue with draft-ietf-sipping-update-pai-07

To: Dean Willis <dean.willis at softarmor.com>
Subject: Re: [Sipping] Decision needed on final issue with draft-ietf-sipping-update-pai-07
From: "Elwell, John" <john.elwell at siemens.com>
Date: Sat, 25 Oct 2008 15:56:03 +0100
Cc: sipping at ietf.org, "DRAGE, Keith \(Keith\)" <drage at alcatel-lucent.com>
Delivered-to: ietfarch-sipping-web-archive at core3.amsl.com
Delivered-to: sipping at core3.amsl.com
In-reply-to: <D95E2BCF-39C4-42E0-BA53-CEC546EE7561 at softarmor.com>
List-archive: <https://www.ietf.org/mailman/private/sipping>
List-help: <mailto:sipping-request@ietf.org?subject=help>
List-id: "SIPPING Working Group \(applications of SIP\)" <sipping.ietf.org>
List-post: <mailto:sipping@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=unsubscribe>
References: <0D5F89FAC29E2C41B98A6A762007F5D001349474 at GBNTHT12009MSX.gb002.siemens.net> <F2116142-CC73-4862-8CA8-4654FD86DC93 at softarmor.com> <0D5F89FAC29E2C41B98A6A762007F5D001349605 at GBNTHT12009MSX.gb002.siemens.net> <5D1A7985295922448D5550C94DE2918002425F58 at DEEXC1U01.de.lucent.com> <0D5F89FAC29E2C41B98A6A762007F5D001349873 at GBNTHT12009MSX.gb002.siemens.net> <D95E2BCF-39C4-42E0-BA53-CEC546EE7561 at softarmor.com>
Sender: sipping-bounces at ietf.org
Thread-index: Ack2IfaZ4FOREVLASsWgmKssoVmEEgAjs33Q
Thread-topic: [Sipping] Decision needed on final issue with draft-ietf-sipping-update-pai-07

Dean,

I am looking for somebody to provide some text that could replace or add
to the text in section 3.3, paragraph beginning "Section 5 of RFC 3325
requires". I spoke to Keith yesterday and I think he will try to do so.
Nobody objected to the consensus call to remove the response stuff, and
therefore as editor I removed it. As much as I personally would like to
include PAI in responses in this draft, I have to go along with the WG
consensus, which, until a couple of days ago was to remove it.

If somebody wants to have it re-instated, they should provide the text
AND convince those who objected to the existing text. I am not going to
take the lead.

John


> -----Original Message-----
> From: Dean Willis [mailto:dean.willis at softarmor.com] 
> Sent: 24 October 2008 22:46
> To: Elwell, John
> Cc: DRAGE, Keith (Keith); sipping at ietf.org
> Subject: Re: [Sipping] Decision needed on final issue with 
> draft-ietf-sipping-update-pai-07
> 
> 
> On Oct 24, 2008, at 7:55 AM, Elwell, John wrote:
> 
> >>
> > [JRE] This was the example given in earlier drafts, and removed  
> > because
> > it is broken. There is nothing to bind together the entity  
> > authenticated
> > by digest and the entity terminating TLS. A request certainly has to
> > come via the entity that terminates TLS, but this need not 
> be the same
> > entity that originates the request. So we could have the following
> > situation:
> >
> > +-----+
> > | UA1 +--------+
> > +-----+        |        +---------+        +---------+
> >               +--------+         |        |         |
> >                        | Proxy 1 +--------+ Proxy 2 |
> >               +--------|         |        |         |
> > +-----+        |        +---------+        +---------+
> > | UA2 +--------+
> > +-----+
> >
> > Proxy 2 accepts an inbound TLS connection and over that 
> receives a SIP
> > request, which it challenges. The next SIP request contain correct
> > credentials for UA1. Proxy 2 then receives a further SIP 
> request. How
> > does it know that it comes from UA1 and not UA2, say? In 
> other words,
> > how does proxy 2 know that there is a proxy 1 (or some 
> other form of  
> > SIP
> > intermediary) between it and UA1?
> 
> This scenario drove the requirement for a "P-Asserted-By" header, so  
> the transitivity could be tracked. We don't have that header  
> defined . . .
> 
> However, there are architectures for which the UA can issue a valid  
> digest in the response, since the "challenge" per se is 
> handled at the  
> SIM level.
> 
> --
> Dean
> 
> 
_______________________________________________
Sipping mailing list  https://www.ietf.org/mailman/listinfo/sipping
This list is for NEW development of the application of SIP
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sip at ietf.org for new developments of core SIP

Follow-Ups:
- Re: [Sipping] Decision needed on final issue with draft-ietf-sipping-update-pai-07
  - From: Dean Willis

References:
- [Sipping] Decision needed on final issue with draft-ietf-sipping-update-pai-07
  - From: Elwell, John
- Re: [Sipping] Decision needed on final issue with draft-ietf-sipping-update-pai-07
  - From: Dean Willis
- Re: [Sipping] Decision needed on final issue with draft-ietf-sipping-update-pai-07
  - From: Elwell, John
- Re: [Sipping] Decision needed on final issue with draft-ietf-sipping-update-pai-07
  - From: DRAGE, Keith \(Keith\)
- Re: [Sipping] Decision needed on final issue with draft-ietf-sipping-update-pai-07
  - From: Elwell, John
- Re: [Sipping] Decision needed on final issue with draft-ietf-sipping-update-pai-07
  - From: Dean Willis

Prev by Date: Re: [Sipping] Decision needed on final issue with draft-ietf-sipping-update-pai-07
Next by Date: Re: [Sipping] Decision needed on final issue with draft-ietf-sipping-update-pai-07
Previous by thread: Re: [Sipping] Decision needed on final issue with draft-ietf-sipping-update-pai-07
Next by thread: Re: [Sipping] Decision needed on final issue with draft-ietf-sipping-update-pai-07
Index(es):
- Date
- Thread