Sounds fair, we can provide additional information in a revision (probably when the WG decides to pursue this effort?).
Thanks! - S -----Original Message----- From: Francois Audet [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 04, 2008 1:02 PM To: Sumanth Channabasappa; DRAGE, Keith (Keith); [email protected] Subject: RE: [Sip] draft-dotson-sip-mutual-auth-02 Ok, thanks. I would like the begining of the document (say section 3, or a Scope, Applicability statement or similar section) to explains when and why this is useful. The purpose is really for an implementor to be able by reading this section to be in a position to determine if it's somthing that should he needs to worry about or not. So, say if I'm developping a UA for an IMS environment versus an Enteprise SIP UA, or an Enteprise SIP access to a service provider network, I'll know if this applies to me or not. Cheers. > -----Original Message----- > From: Sumanth Channabasappa [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 04, 2008 11:33 > To: Audet, Francois (SC100:3055); DRAGE, Keith (Keith); [email protected] > Subject: RE: [Sip] draft-dotson-sip-mutual-auth-02 > > Francois, > > Thanks for your thoughts. We can certainly add more details > if it is unclear. > > As a clarification, I don't think we are saying that the > current mechanism is necessarily broken (which is why it is > not an essential correction, as discussed earlier in the WG). > However, we want to allow for the use of this header in > deployments that use Digest (with or without TLS; e.g., when > integrity protection is provided by other means) and can > benefit from its advantages (mutual auth, nextnonce). > > - S > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Francois Audet > Sent: Wednesday, June 04, 2008 12:08 PM > To: DRAGE, Keith (Keith); [email protected] > Subject: Re: [Sip] draft-dotson-sip-mutual-auth-02 > > I do not believe that this document provide enought > justification of what is the problem that is being attempted > to be solved, and why it isn't already solved by existing > mechanism that are widely implemented (such as TLS). > > Section 9 (Security Considerations) I believe touches on it a > little bit, but it seems both incomplete and out of place. > > The problem statement needs to be brough forward in the > document (say to section 3 or a new section). The scope of > applicability of the solution should also be described up-front). > > I wan't to clarfiy I'm not necessarily against this: I just > want the justification to be clearer. The onus should be on > this document to clearly demonstrate why what we currently > have is broken. > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of > > DRAGE, Keith (Keith) > > Sent: Wednesday, June 04, 2008 02:48 > > To: [email protected] > > Subject: Re: [Sip] draft-dotson-sip-mutual-auth-02 > > > > (As SIP WG cochair) > > > > This has been raised in the SIP group a couple of times, > and we have > > not yet gained an idea of whether to proceed with it in the > SIP WG or > > not. > > > > There have been a couple of technical comments raised in > the past from > > the security experts; my understanding is that these have now been > > clarified. > > > > I believe in the past there has been an interested > community that says > > this is useful. It has also been clarified that 3GPP would > like to use > > it in their specifications. > > > > So could I ask the WG to look at this document, and formally to > > indicate whether they believe some work with this scope should be > > progressed as a SIP WG item. > > > > http://www.ietf.org/internet-drafts/draft-dotson-sip-mutual-au > > th-02.txt > > > > So if you support it please indicate to the SIP WG chairs. > > > > If you have technical concerns (i.e. it should not proceed > because it > > is technically flawed beyond fixing) then please ideally mail the > > list, although the SIP WG chairs will also accept input. > > > > Responses please in 1 calendar week from this date. > > > > Regards > > > > Keith > > > > > > ________________________________ > > > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Stuart Hoggan > > Sent: Friday, May 02, 2008 5:15 PM > > To: [email protected] > > Subject: [Sip] draft-dotson-sip-mutual-auth-02 > > > > > > > > Folks, > > > > > > > > Based on the feedback received in Philadelphia, we have updated > > draft-dotson-sip-mutual-auth. The changes clarify the usage of the > > Proxy-Authentication-Info header, including support for multiple > > values. > > > > > > > > > > Any further comments or suggestions will be > appreciated. It would > > also be nice to obtain WG feedback on pursuing this I-D as a WG > > document. > > > > > > > > Regards, > > > > Stuart > > > > > > > > _______________________________________________ > > Sip mailing list https://www.ietf.org/mailman/listinfo/sip > > This list is for NEW development of the core SIP Protocol Use > > [EMAIL PROTECTED] for questions on current sip Use > > [EMAIL PROTECTED] for new developments on the application of sip > > > _______________________________________________ > Sip mailing list https://www.ietf.org/mailman/listinfo/sip > This list is for NEW development of the core SIP Protocol Use > [EMAIL PROTECTED] for questions on current sip > Use [EMAIL PROTECTED] for new developments on the application of sip > _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
