Skip to main content

Certificate Management Service for the Session Initiation Protocol (SIP)
RFC 6072


(Robert Sparks)

No Objection

(Adrian Farrel)
(Dan Romascanu)
(Jari Arkko)
(Lisa Dusseault)
(Pasi Eronen)
(Ralph Droms)
(Ron Bonica)
(Ross Callon)
(Russ Housley)


(Cullen Jennings)

No Record

(Tim Polk)

Note: This ballot was opened for revision 15 and is now closed.

Lars Eggert
(was Discuss) No Objection
Comment (2009-10-16)
Section 6.5., paragraph 3:
>    Implementations which generate large notifications are reminded to
>    follow the message size restrictions for unreliable transports
>    articulated in Section 18.1.1 of SIP.

  It's pretty much guaranteed that NOTIFYs that have S/MIME certs in
  them will be longer than 1300 bytes. It's also pretty much guaranteed
  that the clients will have no idea of the PMTU. According to Section
  18.1.1 of RFC3261 this means that these will need to be sent over TCP.
  How many stacks are really going to support this "upconversion" to
  TCP? I was under the impression that TCP support wasn't really there?

  (I may upgrade this to a discuss, but let's see.)
Alexey Melnikov Former IESG member
(was Discuss, No Record, Discuss) Yes
Yes (2010-03-05)
This part was a DISCUSS:

In Section 7.5:

   The NOTIFY MUST contain a multipart/mixed (see [RFC2046]) body that
   contains both an application/pkix-cert body with the certificate and
   an application/pkcs8 body that has the associated private key
   information for the certificate.  The Content-Disposition MUST be set
   to "signal" as defined in [RFC3204].

   A future extension MAY define other NOTIFY bodies.  If no "Accept"
   header field is present in the SUBSCRIBE, the body type defined in
   this document MUST be assumed.

Question: does the Accept header field body contains "multipart/mixed"
or "application/pkcs8"? How would this work for future extensions if
there is a need to return other media types inside a top level "multipart/mixed"?


4.  UA Behavior with Certificates

   The Subscriber needs to decide how long it is willing to trust that
   the certificate it receives is still valid.  If the certificate is
   revoked before it expires, the Notifier will send a notification with
   an empty body to indicate that the certificate is no longer valid.
   If the certificate is renewed before it expires, the Notifier will
   send a notification with a body containing the new certificate.

It would be nice to state the assumption that there is only one certificate per user at any given time earlier in the document.

6.12.  State Agents and Lists

   The certificate server described in this section which serves
   certificates is a state agent and implementations of the certificate
   server MUST be implemented as a state agent.

Question: which document defines the "state agent" term?

7.6.  Subscriber Generation of SUBSCRIBE Requests

   The UA needs to authenticate with the credential service for these
   operations.  The UA MUST use TLS to directly connect to the server
   acting as the credential service or to a server that is authoritative
   for the domain of the credential service.  The UA MUST NOT connect
   through an intermediate proxy to the credential service.

Last sentence: it would be helpful if the document pointed out
how to achieve this.

7.10.  Notifier Processing of PUBLISH Requests

   If the Subscriber submits a PUBLISH request with no body, this
   revokes the current credentials and causes all subscriptions to the
   credential package to be deactivated as described in the previous

I think you need an explicit section reference number here, section 7.9 is talking about something else.

In Section 9.5:

   The PKCS#8 in the clients MUST implement PBES2 with a key derivation
   algorithm of PBKDF2 using HMAC with SHA1

I think this needs references to HMAC and SHA1 documents.

   and an encryption algorithm
   of DES-EDE2-CBC-Pad as defined in [RFC2898].  It is RECOMMENDED that
   this profile be used when using PKCS#8.  A different passphrase
   SHOULD be used for the PKCS#8 encryption than is used for server
Robert Sparks Former IESG member
Yes ()

Adrian Farrel Former IESG member
No Objection
No Objection ()

Dan Romascanu Former IESG member
No Objection
No Objection ()

Jari Arkko Former IESG member
No Objection
No Objection ()

Lisa Dusseault Former IESG member
No Objection
No Objection ()

Pasi Eronen Former IESG member
(was Discuss, No Objection) No Objection
No Objection ()

Ralph Droms Former IESG member
No Objection
No Objection ()

Ron Bonica Former IESG member
No Objection
No Objection ()

Ross Callon Former IESG member
No Objection
No Objection ()

Russ Housley Former IESG member
(was Discuss) No Objection
No Objection ()

Sean Turner Former IESG member
(was Discuss) No Objection
No Objection (2010-06-21)
#1) From [RFC5280]:
Throughout: r/self signed/self-signed
Throughout: r/certificate authority/certification authority
Throughout: r/certificate authorities/certification authorities
Throughout: Use either subjectAltName or SubjectAltName; use is mixed throughout the I-D.

#2) Section 2: r/A password used to encrypt/A password used to encrypt and decrypt

#3) Section 3: There are three styles of deployment.  For some protocols, there are statements about what the servers MUST support. I'm not sure how it's done in SIP, are servers required to support all three styles or are they allowed to pick and choose?  

#4) Section 5: Assuming you're talking about encrypting the private key and sticking it in a PKCS#8: r/The UA MAY encrypt the private key with a password phrase supplied by the user./The UA MAY encrypt the private key with a password phrase supplied by the user, as specified in Section 10.5.

#5) Section 6.11: r/certificate server/credential server (X2)

#6) Section 7.4: [RFC5208] is obsoleted by [I-D.turner-asymmetrickeyformat]: r/ The application/pkcs8 body contains a DER-encoded [I-D.turner-asymmetrickeyformat]

#7) Section 7.8: (yes I know this is nitty - the flag is actually "cA"): r/CA/cA

#8) Section 7.9: r/If a CA Basic Constraint is set in the certificate, it is set to false./If a cA Basic Constraint flag is set in the certificate, it is set to false.

#9) Section 8: r/SHA1/SHA-1 and r/SHA256/SHA-256

#10) Section 9.1: I know the public key is in the certificate, but I think you meant certificate not public key: r/Alice's public and private keys/Alice's certificate and private key 

#11) Section 10.3: r/trust CA/trust certification authority (CA)

#12) Section 10.5: r/per-standard/pre-standard

#13) Section 10.5: In the last sentence, shouldn't that be client authentication?  That is the client should use a different password to protect their private key than they use when they authenticate themselves to the server?

#14) Section 10.6: Should the "should" be "SHOULD" in the first sentence?

#15) Section 13.1: delete reference to RFC 5208

#16) Section 10.6: I know it's in section 5, but is it worth repeating the bit about generating keys with random #s?
Cullen Jennings Former IESG member
Recuse ()

Tim Polk Former IESG member
(was No Objection, No Record, Discuss) No Record
No Record ()