Hi, I think it would be good to provide a revision, with the addtional information, asap. It will be easier to make a decission whether to move the draft forward, and it will hopefully reduce the what-is-this-needed-for type of questions.
Regards, Christer -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sumanth Channabasappa Sent: 4. kesäkuuta 2008 22:43 To: Francois Audet; DRAGE, Keith (Keith); [email protected] Subject: Re: [Sip] draft-dotson-sip-mutual-auth-02 Sounds fair, we can provide additional information in a revision (probably when the WG decides to pursue this effort?). Thanks! - S -----Original Message----- From: Francois Audet [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 04, 2008 1:02 PM To: Sumanth Channabasappa; DRAGE, Keith (Keith); [email protected] Subject: RE: [Sip] draft-dotson-sip-mutual-auth-02 Ok, thanks. I would like the begining of the document (say section 3, or a Scope, Applicability statement or similar section) to explains when and why this is useful. The purpose is really for an implementor to be able by reading this section to be in a position to determine if it's somthing that should he needs to worry about or not. So, say if I'm developping a UA for an IMS environment versus an Enteprise SIP UA, or an Enteprise SIP access to a service provider network, I'll know if this applies to me or not. Cheers. > -----Original Message----- > From: Sumanth Channabasappa [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 04, 2008 11:33 > To: Audet, Francois (SC100:3055); DRAGE, Keith (Keith); [email protected] > Subject: RE: [Sip] draft-dotson-sip-mutual-auth-02 > > Francois, > > Thanks for your thoughts. We can certainly add more details if it is > unclear. > > As a clarification, I don't think we are saying that the current > mechanism is necessarily broken (which is why it is not an essential > correction, as discussed earlier in the WG). > However, we want to allow for the use of this header in deployments > that use Digest (with or without TLS; e.g., when integrity protection > is provided by other means) and can benefit from its advantages > (mutual auth, nextnonce). > > - S > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Francois Audet > Sent: Wednesday, June 04, 2008 12:08 PM > To: DRAGE, Keith (Keith); [email protected] > Subject: Re: [Sip] draft-dotson-sip-mutual-auth-02 > > I do not believe that this document provide enought justification of > what is the problem that is being attempted to be solved, and why it > isn't already solved by existing mechanism that are widely implemented > (such as TLS). > > Section 9 (Security Considerations) I believe touches on it a little > bit, but it seems both incomplete and out of place. > > The problem statement needs to be brough forward in the document (say > to section 3 or a new section). The scope of applicability of the > solution should also be described up-front). > > I wan't to clarfiy I'm not necessarily against this: I just want the > justification to be clearer. The onus should be on this document to > clearly demonstrate why what we currently have is broken. > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of > > DRAGE, Keith (Keith) > > Sent: Wednesday, June 04, 2008 02:48 > > To: [email protected] > > Subject: Re: [Sip] draft-dotson-sip-mutual-auth-02 > > > > (As SIP WG cochair) > > > > This has been raised in the SIP group a couple of times, > and we have > > not yet gained an idea of whether to proceed with it in the > SIP WG or > > not. > > > > There have been a couple of technical comments raised in > the past from > > the security experts; my understanding is that these have now been > > clarified. > > > > I believe in the past there has been an interested > community that says > > this is useful. It has also been clarified that 3GPP would > like to use > > it in their specifications. > > > > So could I ask the WG to look at this document, and formally to > > indicate whether they believe some work with this scope should be > > progressed as a SIP WG item. > > > > http://www.ietf.org/internet-drafts/draft-dotson-sip-mutual-au > > th-02.txt > > > > So if you support it please indicate to the SIP WG chairs. > > > > If you have technical concerns (i.e. it should not proceed > because it > > is technically flawed beyond fixing) then please ideally mail the > > list, although the SIP WG chairs will also accept input. > > > > Responses please in 1 calendar week from this date. > > > > Regards > > > > Keith > > > > > > ________________________________ > > > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Stuart Hoggan > > Sent: Friday, May 02, 2008 5:15 PM > > To: [email protected] > > Subject: [Sip] draft-dotson-sip-mutual-auth-02 > > > > > > > > Folks, > > > > > > > > Based on the feedback received in Philadelphia, we have updated > > draft-dotson-sip-mutual-auth. The changes clarify the usage of the > > Proxy-Authentication-Info header, including support for multiple > > values. > > > > > > > > > > Any further comments or suggestions will be > appreciated. It would > > also be nice to obtain WG feedback on pursuing this I-D as a WG > > document. > > > > > > > > Regards, > > > > Stuart > > > > > > > > _______________________________________________ > > Sip mailing list https://www.ietf.org/mailman/listinfo/sip > > This list is for NEW development of the core SIP Protocol Use > > [EMAIL PROTECTED] for questions on current sip Use > > [EMAIL PROTECTED] for new developments on the application of sip > > > _______________________________________________ > Sip mailing list https://www.ietf.org/mailman/listinfo/sip > This list is for NEW development of the core SIP Protocol Use > [EMAIL PROTECTED] for questions on current sip Use > [EMAIL PROTECTED] for new developments on the application of sip > _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
