SIPit 21 summary & Security

Hi Robert,

I have a question regarding a few sub-items:

> Implementations using each transport for SIP messages:
>   UDP    100%
>   TCP     82%
>   TLS     49% (server auth only)
>   TLS      6% (mutual auth)
>   SCTP      3%
>   DTLS      0%
>
> 36% of the implementations supported SIP over IPv6 (up
from 25% at 
> SIPit20)
> 18% supported SIP over IPSec
What does it mean when someone supports SIP over IPsec?
 IPsec is independent of SIP. Is this referring to the 3GPP
IPsec 
security between the UA and the P-CSCF?

> Support for various items:
>   61% rport
>   15% sigcomp
>   22% enum
>   21% sending multiplexing STUN and SIP
>   28% receiving multiplexed STUN and SIP
>   22% RFC4320 fixes
>   12% identity
>   70% session-timer
>
What type of SIP Identity support is this?
Is this support at the proxy for creating the SIP Identity
header?
Is this support at the end host for creating the SIP
Identity header?
Is this support at proxies that verify SIP identity?
Is this support by UAs verifying SIP identity?

> Support for various things in the endpoints:
>   10%   ICE (but there was no interoperability - see
below)
>    0%   ICE-TCP
>   13%    STUNbis
>   17%    TURN (again, there was no interoperability)
>   75%    symmetric RTP
>   25%    SRTP
>    0%    RTP over DTLS
RTP over DTLS was an idea in an old draft for media
security. The 
document was dumped. Hence, the 0% is not surprising.

Ciao
Hannes



_______________________________________________
Sip mailing list  https://ww
w1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementorscs.columbia.edu for questions on current
sip
Use sippingietf.org for new developments on the application of
sip

On Nov 21, 2007, at 4:05 PM, Hannes Tschofenig wrote:

> Hi Robert,
>
> I have a question regarding a few sub-items:
>
>> Implementations using each transport for SIP
messages:
>>   UDP    100%
>>   TCP     82%
>>   TLS     49% (server auth only)
>>   TLS      6% (mutual auth)
>>   SCTP      3%
>>   DTLS      0%
>>
>> 36% of the implementations supported SIP over IPv6
(up from 25% at  
>> SIPit20)
>> 18% supported SIP over IPSec
> What does it mean when someone supports SIP over
IPsec?
> IPsec is independent of SIP. Is this referring to the
3GPP IPsec  
> security between the UA and the P-CSCF?

TLS and SCTP are independent of SIP too.
Most of the implementations supporting IPSec were doing it
to support  
the 3GPP call flows, yes.
Some were there were embedded products that could just be
set up to  
use IPSec. Take that for what it is.

>
>> Support for various items:
>>   61% rport
>>   15% sigcomp
>>   22% enum
>>   21% sending multiplexing STUN and SIP
>>   28% receiving multiplexed STUN and SIP
>>   22% RFC4320 fixes
>>   12% identity
>>   70% session-timer
>>
> What type of SIP Identity support is this?
> Is this support at the proxy for creating the SIP
Identity header?
This is most of what was there.
> Is this support at the end host for creating the SIP
Identity header?
I didn't see anyone doing this at SIPit 21.
> Is this support at proxies that verify SIP identity?
Not at SIPit 21, but two proxies plan to have it at SIPit
22
> Is this support by UAs verifying SIP identity?
I didn't see any of this yet.

>
>> Support for various things in the endpoints:
>>   10%   ICE (but there was no interoperability -
see below)
>>    0%   ICE-TCP
>>   13%    STUNbis
>>   17%    TURN (again, there was no
interoperability)
>>   75%    symmetric RTP
>>   25%    SRTP
>>    0%    RTP over DTLS
> RTP over DTLS was an idea in an old draft for media
security. The  
> document was dumped. Hence, the 0% is not surprising.
>
> Ciao
> Hannes
>



_______________________________________________
Sip mailing list  https://ww
w1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementorscs.columbia.edu for questions on current
sip
Use sippingietf.org for new developments on the application of
sip