Hi Orit,

On 11/16/2014 05:44 AM, Orit Levin (LCA) wrote:
> In addition, Section 5 contains the detailed discussion on the
> applicability of this BCP to various application protocols. XMPP is
> an example of an application to rely on the BCP as the baseline and
> specify further clarifications and/or deviations in
> https://tools.ietf.org/html/draft-ietf-uta-xmpp-03 . Email
> application (with its various entities and protocols) is the next on
> the UTA agenda. It would be great to see IoT following the same path,
> i.e. using the BCP baseline recommendations, either within or outside
> of UTA.

The problem is only that the communication and usage models of different application protocols are very different. Where do you best see this difference?

For example, the UTA BCP completely lacks the discussion about client authentication in TLS. This is of course not very surprising if you come from an XMPP, Web, Email world where client authentication happens at the application layer.

When it comes to the recommendations for the use of DTLS, let us look at the DTLS use in SIP. The problem there is that (a) the community that has experience with DTLS in SIP (and media security in particular) is not on this list and (b) there is not that much experience with DTLS in SIP in the first place (at least compared to the experience of using TLS in XMPP, Email and on the Web). Finally, again related to the communication model, one has to point out that the use of DTLS for SRTP in SIP is not following the classical client-server model but rather a peer-to-peer model (as described in RFC 5763).

For the use of DTLS in WebRTC we can hardly speak about best current practice when we are currently at the point of "oh it rings".

Ciao
Hannes
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
