IETF 65 Session Initiation Working Group Session 1 notes��

IETF 65 Session Initiation Working Group Session 1 notes

Recorded by David Bryyan

Edited further by Keith Drage

1300 Agenda Bash Announcements Chairs This Doc

----------

Connection Reuse Vijay Gurbani, Rohan Mahy HYPERLINK "http://www.ietf.org/internet-drafts/draft-ietf-sip-connect-reuse-05.txt" draft-ietf-sip-connect-reuse-05

Issue: Virtual Hosting 1 – Problem with identifying domain of proxy requesting a TLS connection for white list, black list access control logic when a proxy supports multiple domains.

Issue: Virtual Hosting 2 – Problem with the alias being shared.

Question – Is virtual hosting a requirement.

Resolution: Need to take a look at virtual hosting before finishing WGLC.

----------

Outbound Cullen Jennings HYPERLINK "http://www.ietf.org/internet-drafts/draft-ietf-sip-outbound-02.txt" draft-ietf-sip-outbound-02

Issue: Concern with configuration of outbound-proxy-set

Resolution: Consider it out of scope for this document.

Issue: Tow algorithms for generating a flow token.

Resolution: Leave it like it is.

Issue: NAT keepalives for TCP-based transports

Alternatives:

SIP PING method – special SIP method, modified SIP processing for performance reasons

Operating System TCP KeepAlive

Double CLRF request and CRLF response

STUN – requires protocol demuxing on the same port

Proposal:

Do STUN for TCP and UDP

Do CRLF for TCP and STUN for UDP

TCP KeepAlive if supported, 1 or 2 otherwise

Resolutions:

OS TCP KeepAlive should be used if the client supports it.

Need something more because OS TCP KeepAlive is not supported in every client OS.

Consensus to use STUN for UDP

Consensus to use STUN for TCP

----------

GRUU Jonathan Rosenberg HYPERLINK "http://www.jdrosen.net/papers/draft-ietf-sip-gruu-07.txt" draft-ietf-sip-gruu-07

Issue: None

Resolution: Ready for working group last call.

----------

TLS with SIP Vijay Gurbani HYPERLINK "http://www.ietf.org/internet-drafts/draft-gurbani-sip-tls-use-00.txt" draft-gurbani-sip-tls-use

Issue: Cert doesn’t say that the sender of the request is authorized to be a SIP proxy for that domain. Discussion of whether it is even an issue, some say yes and some say no.

Resolution: I think the resolution is that it is not an issue. If a cert is received for a domain, then that is what is used to determine if the sender is authorized to send the request.

Issue: Mutual authentication – can RFC3261 do more on mutual auth? Using DNS to verify received IP address points to the sending host. Question of whether using DNS to verify the ip address adds any security.

Resolution: Take it to the list.

No time to discuss other issues.

----------

Location Conveyance James Polk, Brian Rosen HYPERLINK "http://www.ietf.org/internet-drafts/draft-ietf-sip-location-conveyance-02.txt" draft-ietf-sip-location-conveyance-02

Issue: Meaning of 424 bade location response.

Resolution: Unsure.

Proposal: It is legal to have more then one location indications. The text will say the what that means is outside the scope of the spec.

Resolution: Agreed.