Minutes of SIP at IETF 71
Edited by Dean Willis from notes by Bob Penfield and Bruce Lowekamp

Agreed agenda:
  Status/Agenda Bash - 15 min
  Requirements for Media Security: Dan Wing - 15 min
  UA Initiated Privacy: Mayumi Munakata - 15 min
  X.509 Certificates for TLS: Vijay Gurbani - 15 min
  X.509 Extended Key Usage: Vijay Gurbani - 15 min
  Request URI and Parameters to UA by Proxy: Christer Holmberg - 30 min
  Identity Requirements for E.164 and SBCs: John Elwell - 30 min

Topic: Status by Chairs
Slides presented and included in minutes.

Issue: draft-dotson-sip-mutual-auth-01
PacketCable and 3GPP may have requirements for this work. If so, we need official requests from them. Sumanth Channabasappa reported that there are no known liaison statements from either PacketCable or 3GPP, and that the work is based on the author's perception of technical requirements.
Noted that the draft needs to account for the difference between how authentication is handled in HTTP versus SIP, and also that this header is not widely used in HTTP deployments, so we cannot start from the assumption that it works in HTTP. Also, we need to show a multi-proxy scenario. The authors plan to revise the draft to address multi-proxy scenarios.
Noted that the draft is intended as a SIP extension rather than an essential correction to RFC 3261.
Open question: Is this restricted to 200 OK responses?

Issue: draft-sipping-199-04
ACTION: Chairs to work with ADs to add deliverable to charter.

Issue: draft-ietf-sip-session-policy-framework-02
There is one open question on use of alternative protocols (such as HTTP) for retrieval of policy documents. Is this widely needed? Barring real use cases and agreed needs, this will go forward as is.

Issue: draft-ietf-sip-outbound-12
Open question: keep-alive compromise. A solution using "ob" was discussed. The room voiced no objection to the proposal.
Open question: flow-timer. One person in the room cared; nobody else did. There seems to be little point in retaining this feature.
Issue: draft-ietf-sip-subnot-etags
One open question on the ambiguity of "version". The author is to fix this in the next version, which will proceed.

Issue: draft-kaplan-sip-info-events-01
A special session on this topic earlier in the week was cancelled, leaving no time to really discuss it. Despite a prior commitment to decide on either info-events or info-harmful at this meeting, the WG was unable to reach consensus on either direction. There seemed to be a slight preference for info-events, but not a clear consensus. AD Cullen Jennings suggested that the WG add a milestone for making a decision to the charter. Several participants suggested conference calls or an ad-hoc.
ACTION: Chairs to work with ADs to resolve a process here.

Issue: draft-ietf-sip-location-conveyance-10
WG is waiting on requirements from the GEOPRIV working group. The draft will not advance until those requirements are resolved.

Issue: draft-sparks-sip-invfix-01 and Essential Corrections process
The WG discussed format alternatives, including a standalone document versus a list of diffs. The conclusion is that the standalone document is useful, but a list of sentence-by-sentence changes is essential to developers. Further, we need some sort of technique for tracking corrections (perhaps a master summary of all corrections).
ACTION: Chairs to do WGLC for invfix.

Topic: Requirements for Media Security by Dan Wing
Slides presented.
Question: Add current requirements, or publish a draft based on requirements from the 2007 RTPSEC BOF? Resolved that we shall move forward with the current draft; other requirements, if needed, can be addressed in future documents.
Issue: Requirement 15 on converting from RTP to SRTP mid-call. The requirement was previously deleted, but there have been calls to add it back in. Noted by Alan Johnston that this is addressed in the latest ZRTP draft. Agreed that R15 shall be added back into the requirements draft.
Noted that we have not received final feedback from 3GPP on the document, but that discussion is underway.
Topic: UA Initiated Privacy by Mayumi Munakata
Slides presented.
Open issue: Construction of the URI in the "From" header field. Three alternatives (as per RFC 3261, RFC 4474, and GRUU) were presented. Discussion resolved that the pseudonymous feature of GRUU is best delivered by a separate anonymization service. The draft will document alternatives #1 and #2, with #1 preferred in the absence of an RFC 4474 authentication service and #2 preferred in the presence of such a service.

Topic: Domain Certs and Extended Key Usage by Vijay Gurbani
Slides presented.
Issue: subjectAltName (SAN). SAN is not provided in today's commercial certs, but the draft says SIP certs MUST have it.
ACTION: Eric Rescorla (EKR) is to send revised text to the editors making this a SHOULD.
Issue: Wildcard certificates. The Security Area seems to have banned use of wildcard certificates in IETF specifications, but they are widely believed to be critical in HTTP deployments. Editors are to add a discussion of why they are not allowed in this document.
Issue: Split of Domain-Certs and EKU into two drafts. The drafts were split for historical reasons.
ACTION: Chairs and ADs to discuss whether to re-merge.

Topic: Request URI and Parameters to UAS through Proxy by Christer Holmberg
Slides presented.
Debate was inconclusive. A WG chair speculated that we have lost track of the requirements we are trying to solve.
ACTION: ADs and Chairs to figure out the next step.

Topic: SIP-Identity Issues by John Elwell
Slides presented.
Issue: E.164 and RFC 4474 and DTLS-SRTP
We have known issues with RFC 4474 handling of phone numbers, especially given the inconsistent processing of phone numbers and mixed URI encoding methods. The critical manifestation here is that if RFC 4474 is used to assert an identity derived from the PSTN (specifically, through a gateway via Caller-ID services), then there may be no basis to trust that assertion.
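To make concrete what an RFC 4474 Identity assertion actually covers, and therefore why gateway-inserted From URIs and SBC rewrites (discussed below) matter, the following added example, which is not part of the minutes or of any cited draft, builds the RFC 4474 digest-string (From addr-spec | To addr-spec | Call-ID | CSeq | Date | Contact addr-spec | body) from a constructed INVITE carrying an SDP a=fingerprint line, and shows which kinds of intermediary edits invalidate the signed value. The Identity header is an RSA-SHA1 signature over this string; the example stops at the SHA-1 hash (no RSA keys, to stay within the Python standard library) because only the "does the covered input change" question is at issue. The SIP message and all hostnames are constructed sample data.

```python
import hashlib
import re

# Constructed sample INVITE (not taken from the minutes or any RFC example);
# only the fields RFC 4474 covers plus an SDP body with a DTLS-SRTP fingerprint.
SAMPLE_INVITE = """INVITE sip:bob@biloxi.example.com SIP/2.0\r
Via: SIP/2.0/TLS pc33.atlanta.example.com;branch=z9hG4bK776asdhds\r
From: Alice <sip:alice@atlanta.example.com>;tag=1928301774\r
To: Bob <sip:bob@biloxi.example.com>\r
Call-ID: a84b4c76e66710\r
CSeq: 314159 INVITE\r
Date: Thu, 21 Feb 2002 13:02:03 GMT\r
Contact: <sip:alice@pc33.atlanta.example.com>\r
Content-Type: application/sdp\r
\r
v=0\r
o=alice 2890844526 2890844526 IN IP4 pc33.atlanta.example.com\r
s=-\r
c=IN IP4 pc33.atlanta.example.com\r
t=0 0\r
m=audio 49170 UDP/TLS/RTP/SAVP 0\r
a=fingerprint:sha-1 4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:19:E5:7C:AB\r
"""


def addr_spec(value):
    """Reduce a From/To/Contact value to its bare addr-spec (the URI),
    which is what RFC 4474 feeds into the digest-string (display name and
    header parameters such as ;tag are not covered)."""
    m = re.search(r"<([^>]+)>", value)
    if m:
        return m.group(1).strip()
    # No angle brackets: the URI runs up to the first header parameter.
    return value.split(";")[0].strip()


def parse_sip(message):
    """Split a SIP request into (request-line, {lowercased header: first value}, body)."""
    head, _, body = message.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())
    return lines[0], headers, body


def identity_digest_string(message):
    """RFC 4474 section 9 digest-string:
    From addr-spec | To addr-spec | Call-ID | CSeq (digits SP method) | Date |
    Contact addr-spec (empty if absent) | message body."""
    _, h, body = parse_sip(message)
    cseq = " ".join(h["cseq"].split())
    contact = addr_spec(h["contact"]) if "contact" in h else ""
    return "|".join([addr_spec(h["from"]), addr_spec(h["to"]), h["call-id"],
                     cseq, h["date"], contact, body])


def identity_hash(message):
    """SHA-1 of the digest-string. A real Identity header is an RSA-SHA1
    signature over this same input; the RSA step is omitted here."""
    return hashlib.sha1(identity_digest_string(message).encode()).hexdigest()


def rewrite_header(message, name, new_value):
    """Simulate an intermediary replacing the first header line called `name`."""
    pattern = re.compile(r"^" + re.escape(name) + r":[^\r\n]*", re.IGNORECASE | re.MULTILINE)
    return pattern.sub(lambda _: f"{name}: {new_value}", message, count=1)


def replace_fingerprint(message, new_fp):
    """Simulate a B2BUA that terminates DTLS itself and substitutes its own fingerprint."""
    return re.sub(r"a=fingerprint:[^\r\n]*", lambda _: "a=fingerprint:" + new_fp, message, count=1)


def identity_survives(original, modified):
    """True if the modification leaves the signed input, and so the Identity header, valid."""
    return identity_hash(original) == identity_hash(modified)


if __name__ == "__main__":
    cases = [
        ("Via rewritten (ordinary proxy hop)",
         rewrite_header(SAMPLE_INVITE, "Via", "SIP/2.0/TLS sbc.example.net;branch=z9hG4bKnew")),
        ("Contact rewritten (SBC topology hiding)",
         rewrite_header(SAMPLE_INVITE, "Contact", "<sip:sbc.example.net;gr=1234>")),
        ("a=fingerprint rewritten (SBC re-terminating DTLS-SRTP)",
         replace_fingerprint(SAMPLE_INVITE, "sha-1 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33")),
    ]
    for label, modified in cases:
        print(f"{label}: Identity {'still valid' if identity_survives(SAMPLE_INVITE, modified) else 'BROKEN'}")
```

Running it shows that a Via change (what a plain proxy does) leaves the assertion intact, while rewriting Contact or the SDP fingerprint, both routine SBC behaviour, invalidates it; since DTLS-SRTP relies on the signed fingerprint to bind media to the asserted identity, the SBC would have to re-sign under its own domain, which is exactly the trust question the meeting left open.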
This is problematic in that DTLS-SRTP requires an RFC 4474 Identity header to protect the fingerprint that correlates media with signaling. We would like to be able to use DTLS-SRTP with calls to and from PSTN gateways. However, this could result in the insertion of misleading Identity headers.
Discussion focused on defining the problem and the three "problem" use cases. There was a conclusion that this is definitely a problem that needs to be fixed. There seems to be a possibility that it could be fixed by guidance in the DTLS-SRTP framework, which we would like to conclude as soon as possible. However, there is at this time no consensus on a solution.
For the record, an extended conversation took off on the mailing list following the in-meeting discussion, and that conversation has brought forward at least one proposal (a From header URI parameter that would be inserted by gateways) that might meet the requirements.

Issue: Impact of SBCs on RFC 4474 and DTLS-SRTP
SBCs may make changes to requests that alter the RFC 4474 Identity header in such a way that it cannot meet the requirements of DTLS-SRTP. Several fixes have been proposed and were discussed briefly. Further discussion is required.

End of Meeting Report