Session Initiation Protocol (SIP) Authenticated Identity Body (AIB) Format
draft-ietf-sip-authid-body-03
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22
|
03 | (System) | post-migration administrative database adjustment to the No Objection position for Harald Alvestrand |
2012-08-22
|
03 | (System) | post-migration administrative database adjustment to the No Objection position for Steven Bellovin |
2004-05-10
|
03 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
2004-05-10
|
03 | Amy Vezza | IESG state changed to Approved-announcement sent |
2004-05-10
|
03 | Amy Vezza | IESG has approved the document |
2004-05-10
|
03 | Amy Vezza | Closed "Approve" ballot |
2004-05-10
|
03 | Allison Mankin | State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Allison Mankin |
2004-05-07
|
03 | (System) | [Ballot Position Update] New position, No Objection, has been recorded for Bill Fenner |
2004-05-07
|
03 | Harald Alvestrand | [Ballot Position Update] Position for Harald Alvestrand has been changed to No Objection from Discuss by Harald Alvestrand |
2004-05-06
|
03 | Steven Bellovin | [Ballot Position Update] Position for Steve Bellovin has been changed to No Objection from Discuss by Steve Bellovin |
2004-05-06
|
03 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
2004-05-06
|
03 | (System) | New version available: draft-ietf-sip-authid-body-03.txt |
2003-12-18
|
03 | Amy Vezza | Removed from agenda for telechat - 2003-12-18 by Amy Vezza |
2003-12-18
|
03 | Amy Vezza | State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation by Amy Vezza |
2003-12-18
|
03 | Amy Vezza | [Ballot Position Update] New position, No Objection, has been recorded for by Amy Vezza |
2003-12-18
|
03 | Harald Alvestrand | [Ballot comment] Shepherding AD understands problem. I expect to have no problem clearing the DISCUSS when new text arrives. |
2003-12-18
|
03 | Thomas Narten | [Ballot Position Update] New position, No Objection, has been recorded for by Thomas Narten |
2003-12-18
|
03 | Bert Wijnen | [Ballot Position Update] Position for Bert Wijnen has been changed to No Objection from Undefined by Bert Wijnen |
2003-12-18
|
03 | Bert Wijnen | [Ballot comment] No Further objections or comments |
2003-12-18
|
03 | Bert Wijnen | [Ballot Position Update] New position, Undefined, has been recorded for by Bert Wijnen |
2003-12-18
|
03 | Alex Zinin | [Ballot Position Update] New position, No Objection, has been recorded for by Alex Zinin |
2003-12-17
|
03 | Margaret Cullen | [Ballot Position Update] New position, No Objection, has been recorded for by Margaret Wasserman |
2003-12-17
|
03 | Steven Bellovin | [Ballot discuss] Section 4: It explains why third party call control is hard, but doesn't explain what to do about it -- it just says … [Ballot discuss] Section 4: It explains why third party call control is hard, but doesn't explain what to do about it -- it just says that other headers "MAY be used", but neither says what they are, nor gives a pointer to where this is defined. Section 8: what good does it do for a party to be able to verify an AIB signature if, as noted, it can't tell that it is an AIB, let alone what it contains? Here are some comments from Eric Rescorla of the Security Directorate: -- First, let me restate what I take to be the rationale for this work: (a) A lot of important SIP information is in message headers. (b) Message headers aren't conventionally protected by S/MIME. (c) The current solution is to take the whole SIP message and S/MIME sign it. (d) This causes a lot of bloat as well as confusion because some headers are mutable. What Jon is proposing is basically to produce an S/MIME message that contains a subset of the headers (and whatever body if necessary) that are to be validated. While gross, I think this is probably the right technical approach. However, I think this document could use some editorial improvement. I'd like to see two things: (1) An explicit list of which headers are included in each case. (2) An explicit discussion of what security properties one is supposed to be able to infer from any particular AIB. I think this would make it much clearer. At the moment, I'm uncomfortable making security assessments. Detailed comments: S 1: Your examples use @atlanta.com. Isn't it convention to use @example.com now? S 2: When would you use message/sip as opposed to message/sipfrag? Do they have different security implications? I think this section also needs some explanation of how to construct the AIB, rather than just an example. S 4 : Having multiple AIBs seems confusing. I think you really do need to describe how the linkages work. S 6: Why isn't this SHOULD a MUST? S 7: In the first sentence I would think that the user agent MUST verify the signature. I don't understand why the To header in the response should match the To header in the request? Maybe my SIP ignorance is showing here if the To/From headers don't swap, but maybe a note would help i that case. |
2003-12-17
|
03 | Steven Bellovin | [Ballot Position Update] New position, Discuss, has been recorded for by Steve Bellovin |
2003-12-16
|
03 | Jon Peterson | [Ballot Position Update] Position for Jon Peterson has been changed to Recuse from Abstain by Jon Peterson |
2003-12-16
|
03 | Jon Peterson | [Ballot Position Update] New position, Abstain, has been recorded for by Jon Peterson |
2003-12-16
|
03 | Ted Hardie | [Ballot comment] I found this text a little unclear: > Unsigned AIBs MUST NOT be honored by any recipients. I'd suggest changing it to say … [Ballot comment] I found this text a little unclear: > Unsigned AIBs MUST NOT be honored by any recipients. I'd suggest changing it to say that Unsigned AIBs should be treated according to the rules set out in Section 7 for AIBs that do not validate; if that doesn't make sense, then some clarifying text that explains what "MUST NOT be honored" will imply (identity not displayed? message discarded?) In this text: > Note that this means that the recipients of the > request, even if they are unable to inspect the AIBF, will still be > able to see who signed that body (although it will not necessarily be > obvious that the body contains an AIB). Does it really mean "inspect the AIB Format" or "inspect the AIB?" An example showing multiple AIBs (Section 4.) would be valuable, I believe. |
2003-12-16
|
03 | Ted Hardie | [Ballot Position Update] New position, No Objection, has been recorded for by Ted Hardie |
2003-12-16
|
03 | Russ Housley | [Ballot comment] s/atlanta.com/example.com/ s/biloxi.com/example.com/ s/here.com/example.com/ s/evil.tv/example.org/ In section 1, spell out first use of 'AIB'. |
2003-12-16
|
03 | Russ Housley | [Ballot Position Update] New position, No Objection, has been recorded for by Russ Housley |
2003-12-12
|
03 | Ned Freed | [Ballot comment] No IPR boilerplate |
2003-12-12
|
03 | Ned Freed | [Ballot Position Update] New position, No Objection, has been recorded for by Ned Freed |
2003-12-12
|
03 | Harald Alvestrand | [Ballot discuss] Formalism DISCUSS: This document does not contain a reference to RFC 2183 (content-disposition). |
2003-12-12
|
03 | Harald Alvestrand | [Ballot discuss] Formalism DISCUSS: This document does not contain the registration form specified for content-disposition parameters in RFC 2183. Neither does it contain a … |
2003-12-12
|
03 | Harald Alvestrand | [Ballot Position Update] New position, Discuss, has been recorded for by Harald Alvestrand |
2003-12-11
|
03 | Allison Mankin | Placed on agenda for telechat - 2003-12-18 by Allison Mankin |
2003-12-11
|
03 | Allison Mankin | State Changes to IESG Evaluation from Waiting for Writeup by Allison Mankin |
2003-12-11
|
03 | Allison Mankin | [Ballot Position Update] New position, Yes, has been recorded for Allison Mankin |
2003-12-11
|
03 | Allison Mankin | Ballot has been issued by Allison Mankin |
2003-12-11
|
03 | Allison Mankin | Created "Approve" ballot |
2003-11-28
|
03 | (System) | State has been changed to Waiting for Writeup from In Last Call by system |
2003-11-06
|
03 | Amy Vezza | Last call sent |
2003-11-06
|
03 | Amy Vezza | State Changes to In Last Call from Last Call Requested by Amy Vezza |
2003-11-06
|
03 | Allison Mankin | Last Call was requested by Allison Mankin |
2003-11-06
|
03 | Allison Mankin | State Changes to Last Call Requested from Publication Requested by Allison Mankin |
2003-11-06
|
03 | (System) | Ballot writeup text was added |
2003-11-06
|
03 | (System) | Last call text was added |
2003-11-06
|
03 | (System) | Ballot approval text was added |
2003-09-08
|
03 | Natalia Syracuse | State Changes to Publication Requested from AD is watching by Natalia Syracuse |
2003-07-02
|
02 | (System) | New version available: draft-ietf-sip-authid-body-02.txt |
2003-03-07
|
01 | (System) | New version available: draft-ietf-sip-authid-body-01.txt |
2002-12-04
|
03 | Allison Mankin | Draft Added by Mankin, Allison |
2002-10-31
|
00 | (System) | New version available: draft-ietf-sip-authid-body-00.txt |