Notes, SIPWG IETF57
by Alan Johnston (alan.johnston@mci.com)
July 16, 2003
Jon Peterson has retired as SIP co-chair.
Status of Drafts - Chairs
-------------------------
RFC 3515 REFER published
Volunteers to review a section of MIB: Orit Levin, Mary Barnes, Cullen
Jennings, and Kent (Rohan has his info).
Rohan will assign some more volunteers.
congest-safe - Proposal for author to remove UDP kludge. No
objections or discussion.
PUBLISH - Aki Niemi
-------------------
Open Issue: collision recovery. Proposed solution: query
principle, may subscribe to package.
No objections or discussion.
Open Issue: PUBLISH and dialogs. Proposed solution: add text
about dialogs, discourage reuse.
No objections or discussion.
Open Issue: atomicity. Proposed solution: relax restriction about
overlapping requests.
Comment: Go with a simpler model - all tuples are independent.
Solve using composition and authorization
instead of publication. Or, most recent publisher overrides any
others.
Comment: Agree with comment. Don't reinvent Webdav. Don't make
endpoint behavior too complex.
Comment: Agree with comment that this is an authorization problem.
Comment: Not clear we can relax overlap with congestion issues.
Author will take to the list for more discussion.
Resource Priority - Henning Schulzrinne
---------------------------------------
Issue: error handling. Proposed solution: 503 or 403 or 417
(Unknown Resource Priority - only if Require is used.
No objections or discussion.
Believed to be ready for WGLC
Comment: Pointers to name spaces are in draft.
Comment: Role based authorization is still moving forward.
Volunteers to review the next draft: Paul Kyzivat, Ben Campbell
Caller Prefs - Jonathan Rosenberg
---------------------------------
Issue in Callee Caps - URI-user and URI-domain - duplication. Use
a Device ID (Contact URI attribute) instead?
Comment: Device ID is interesting, but could be overloaded. Should
recommend
GRUU for attended transfer.
Comment: Expiration of device ID is unpredictible.
Conclusion: Quick list consensus on adding device ID. Recommend
GRUU instead for transfer case.
Caller Prefs
Comment: Ennumeration is better
Open Issue: redirection - RFC 3261 proxy merging q-values is
broken. Proposal: include text saying this.
Question: Do we need to mandate this? Questioner will send a
short use case to mailing list.
Open Issue: lost use cases due to changes.
Comment: This is a feature.
Comment: Can be done with multiple requests.
Conclusion: no changes needed.
Open Issues in Use Cases: No discussion.
Comment: Does basing on RFC 2533 provide any value?
Comment: Should RFC 2533 reference just be an informational reference?
SIP Identity - Jon Peterson
---------------------------
AIB - No issues or comments.
AES and S/MIME
Question: Should we redo S/MIME examples in RFC 3261?
Cullen Jennings could do some examples.
Comment: Base-64 encoding issue causes interoperability problems.
(Binary encoding is better)
Comment: No commercial SIP stacks support S/MIME and TLS.
Comment: There were 2 implementations of S/MIME at last SIPit.
History Info - Mary Barnes
--------------------------
Open Issue: Index. Proposal: Make it mandatory and clarify loose
routing behavior.
Open Issue: Internal Retargeting. Proposal: Include some
normative text and examples.
Open Issue: Privacy. Proposal: Add text.
Comment: Draft needs major clarification on privacy, redirection,
backwards compatibility, others.
Will discuss on list.
Comment: Include in security section - this header solves a useful
problem that a requestor could verify that
appropriate proxies have retargeted a request.
Securing SIP Identity Headers - Mary Barnes
-------------------------------------------
(SIPPING draft but discussed here for convenience)
Comment: Question on question not solution. Do we need to do this?
Comment: This is a type of middle-to-end security problem. We need to
solve this problem.
Comment: If we redid Proxy-Auth header, we would use a body instead of
a header.
Parameter Registry - Gonzalo Camarillo
--------------------------------------
Open Issue: Which URI parameters should be registered.
Comment: Do we want p-parameters?
Comment: Lets not make the same mistake twice.
Comment: Want to increase interoperability and avoid collisions.
Comment: To prevent conflicts during Internet-Draft stage, should use
this registry.
Comment: C language analgoy. Registry could be flooded with
requests. Should only register URI parameters
that are global in nature.
Comment: Have informal non-IANA registry instead (webpage)
Comment: Should do the same thing for parameters (headers and URIs) as
headers.
Comment: Similar to standardization of headers across protocols effort.
A Humm was taken which supported the creation IANA registry for a
parameter registry for RFC published parameters.
No consensus on the rest of the issue - more list discussion needed.
Connection Reuse - Rohan Mahy
-----------------------------
Open Issue: Clarity on which is original and which is alias.
Open Issue: Security - explaining Mutual TLS and digest
A Humm was taken which supported that people care about the work.
A Humm was taken which supported that this mechanism is reasonable.
Comment: Need to describe how to handle when multiple parties claim the
same alias (10.1.1.1).
A Humm was taken which supported that the chairs request a charter
modification to adopt as a WG item.
SIP Security and S/MIME - Cullen Jennings
-----------------------------------------
Comment: Mechanism could be used for certificate or raw keys.
Comment: Identity work avoided UAS having to do any PKI
operation. Identity document also only identifies the domain,
not the individual user.
Question: Does this work in both ways? Answer: Yes, but not
exactly.
Many more comments until we ran out of time.