
Thread: Draft minutes, SIP at IETF 71




2008-03-14 17:52:31
Draft Minutes of SIP at IETF 71
Edited by Dean Willis from Notes by Bob Penfield and Bruce Lowekamp

Agreed agenda:

Status/Agenda Bash 15 min
Requirements for Media Security: Dan Wing 15 min
UA Initiated Privacy:  Mayumi Munakata 15 min
X.509 Certificates for TLS: Vijay Gurbani 15 min
X.509 Extended Key Usage: Vijay Gurbani 15 min
Request URI and Parameters to UA by Proxy: Christer Holmberg 30 min
Identity Requirements for E.164 and SBCs: John Elwell 30 min

Topic: Status
by Chairs
Slides presented and included in minutes

Issue: draft-dotson-sip-mutual-auth-01

PacketCable and 3GPP may have requirements for this work. If so, we need official requests from them.

Noted that the draft needs to account for difference between how authentication is handled in http vs sip, and also know that this header is not widely used in http deployments, so we can't start with the assumption that this works in http. Also, we need to show a multi-proxy scenario.

Open question: Is this restricted to 200 OK responses?

Issue: draft-sipping-199-04

ACTION: Chairs to work with ADs to add deliverable to charter

Issue: draft-ietf-sip-session-policy-framework-02

There is one open question on use of alternative protocols (such as http) for retrieval of policy documents. Is this widely needed? Barring real use-cases and agreed needs, this will go forward as is.

Issue: draft-ietf-sip-outbound-12

Open question: keep-alive compromise. A solution using "ob" was discussed. The room voiced no objection to the proposal.

Open question: flow-timer. One person in the room cared; nobody else did. There seems to be little point in retaining this feature.

Issue: draft-ietf-sip-subnot-etags

One open question on ambiguity of "version". The author is to fix this in the next version, which will proceed.

Issue: draft-kaplan-sip-info-events-01

A special session on this topic earlier in the week was cancelled, leaving no time to really discuss it.

Despite a prior commitment to decide on either info-events or info-harmful at this meeting, the WG was unable to reach consensus on either direction. There seemed to be a slight preference for info-events, but not a clear consensus.

AD Cullen Jennings suggested that the WG add a milestone for making a decision to the charter.

Several participants suggested conference calls or an ad-hoc.

ACTION: Chairs to work with ADs to resolve a process here.

Issue: draft-ietf-sip-location-conveyance-10

WG is waiting on requirements from the GEOPRIV working group. The draft will not advance until those requirements are resolved.


Issue: draft-sparks-sip-invfix-01 and Essential Corrections process

The WG discussed format alternatives including a standalone document vs. a list of diffs. The conclusion is that the standalone document is useful, but a list of sentence-by-sentence changes is essential to developers. Further, we need some sort of technique (perhaps a master summary of all corrections).

ACTION: Chairs to do WGLC for invfix.


Topic: Requirements for Media Security
by Dan Wing
Slides presented

Question: Add current requirements, or publish draft based on requirements from 2007 RTPSEC BOF? Resolved that we shall move forward with current draft; other requirements, if needed, can be addressed in future documents.

Issue: Requirement 15 on converting from RTP to SRTP mid-call.

Requirement was previously deleted, but there have been calls to add it back in.

Noted by Alan Johnston that this is addressed in the latest ZRTP draft.

Agreed that R15 shall be added back into requirements draft.

Noted that we have not received final feedback from 3GPP on the document, but that discussion is underway.


Topic: UA Initiated Privacy
by Mayumi Munakata
Slides presented

Open Issue: Construction of URI in "From" Header Field

Three alternatives (as per RFC 3261, RFC 4474, and GRUU) presented. Discussion resolved that the pseudonymous feature of GRUU is best delivered by a separate anonymization service. The draft will document alternatives #1 and #2, with #1 being preferred in the absence of an RFC 4474 authentication service and #2 preferred in the presence of such a service.


Topic: Domain Certs and Extended Key Usage
by Vijay Gurbani
Slides presented

Issue: Subject-Alt-Name

SAN is not provided in today's commercial certs, but the draft says SIP certs MUST have it.

ACTION: Eric Rescorla (EKR) is to send revised text to the editors making this a SHOULD.

Issue: Wildcard Certificates

Security area seems to have banned use of wildcard certificates in IETF specifications, but they are widely believed to be critical in HTTP deployments. Editors are to add a discussion of why they are not allowed in this document.

Issue: Split of Domain-Certs and EKU into Two Drafts

Drafts were split for historical reasons.

ACTION: Chairs and ADs to discuss whether to re-merge.


Topic: Request URI and Parameters to UAS through Proxy
by Christer Holmberg
Slides presented

Debate was inconclusive. A WG chair speculated that we have lost track of the requirements we are trying to solve.

ACTION: ADs and Chairs to figure out next step


Topic: SIP-Identity Issues
by John Elwell
Slides presented

Issue: E.164 and RFC 4474 and DTLS-SRTP

We have known issues with RFC 4474 handling of phone numbers, especially given the inconsistent processing of phone numbers and mixed URI encoding methods. The critical manifestation here is that if RFC 4474 is used to assert an identity derived from the PSTN (specifically, through a gateway via Caller-ID services) then there may be no basis to trust that assertion.

This is problematic in that DTLS-SRTP requires an RFC 4474 Identity header to provide the fingerprint that correlates media with signaling. We would like to be able to use DTLS-SRTP with calls to/from PSTN gateways. However, this could result in the insertion of misleading Identity headers.

Discussion focused on defining the problem and the three "problem" use cases.

There was a conclusion that this is definitely a problem that needs to be fixed. There seems to be a possibility that it could be fixed by guidance in the DTLS-SRTP framework, which we would like to conclude as soon as possible. However, there is at this time no consensus on a solution. For the record, an extended conversation took off on the mailing list following the in-meeting discussion, and that conversation has brought forward at least one proposal (a From: header URI parameter that would be inserted by gateways) that might meet the requirements.

Issue: Impact of SBCs on RFC 4474 and SRTP-DTLS

SBCs may make changes to requests that alter the RFC 4474 Identity header in such a way that it can not meet the requirements of SRTP-DTLS. Several fixes have been proposed and were discussed briefly. Further discussion is required.

End of Meeting Report
