Skip to main content

Example call flows using SIP security mechanisms
draft-jennings-sip-sec-flows-03

Revision differences

Document history

Date Rev. By Action
2015-10-14
03 (System) Notify list changed from fluffy@cisco.com, ono.kumiko@lab.ntt.co.jp, rsparks@nostrum.com, housley@vigilsec.com to housley@vigilsec.com, rsparks@nostrum.com
2009-07-20
03 (System) Ballot writeup text was added
2009-07-20
03 (System) Last call text was added
2009-07-20
03 (System) Ballot approval text was added
2009-07-20
03 (System) Document replaced by draft-ietf-sipping-sec-flows
2009-03-26
03 (System) Document replaced by draft-ietf-sip-sec-flows
2009-01-08
03 (System) Document has expired
2008-07-07
03 (System) This document has been resurrected.
2008-07-03
03 Cullen Jennings I-D Resurrection was requested by Cullen Jennings
2006-02-02
03 (System) State Changes to Dead from AD is watching by system
2006-02-02
03 (System) Document has expired
2005-11-14
03 Allison Mankin State Change Notice email list have been change to fluffy@cisco.com, ono.kumiko@lab.ntt.co.jp, rsparks@nostrum.com, housley@vigilsec.com from fluffy@cisco.com, ono.kumiko@lab.ntt.co.jp
2005-11-14
03 Allison Mankin Intended Status has been changed to Proposed Standard from None
2005-11-14
03 Allison Mankin
Russ's Discuss for the S/MIME example that used to be in the
SIPPING torture test - transferred into this document - need to verify
these …
Russ's Discuss for the S/MIME example that used to be in the
SIPPING torture test - transferred into this document - need to verify
these fixes and that the cert can be validated

  I decoded the CMS SignedData structure in [section 3.1.1.11], and it
  contains a few things that surprised me.

    - The encoding of the SHA-1 algorithm identifier is valid, but
      it is not the preferred form.  The preferred form omits the
      NULL parameters as is clearly stated in RFC 3370 in section 2.1,
      which says: "Implementations SHOULD generate SHA-1
      AlgorithmIdentifiers with absent parameters."

    - The S/MIME Capabilities advertise support for Triple-DES-CBC,
      RC2-128-CBC, RC2-64-CBC, RC2-40-CBC, and DES-CBC.  The last two
      algorithms are clearly deprecated.  I would like to see AES in
      this list.  RFC 3853 requires SIP support for AES.

  This signature cannot be properly validated without the trust anchor
  for the certificate issuer (OU=Sipit Test Certificate Authority,
  O=sipit, L=San Jose, ST=California, C=US).  The RSA public key is
  needed to validate the signature on the certificate
2005-10-19
03 Allison Mankin Draft Added by Allison Mankin in state AD is watching
2005-07-18
03 (System) New version available: draft-jennings-sip-sec-flows-03.txt
2005-02-21
02 (System) New version available: draft-jennings-sip-sec-flows-02.txt
2004-02-16
01 (System) New version available: draft-jennings-sip-sec-flows-01.txt
2003-10-21
00 (System) New version available: draft-jennings-sip-sec-flows-00.txt