IETF 64 SIP Work Group Session I
Tuesday, November 08, 2005, 1pm - 3pm
Eric Burger, not so Humble Scribe
Agenda was bashed
=================
James Polk: Doesn't need to talk about Location Conveyance
New charter was reviewed
Charter deliverables were reviewed
==================================
Jonathan: Who Wants to promote SIP to Draft Standard?
Jon: Who Can promote SIP to Draft Standard?
Normative Dependency Rules make this unrealistic in our lifetimes.
Dean: This came in at end of IESG deliberation.
Neither Dean nor Rohan nor Jon asked for it. Jon doesn't remember it
coming up.
Jon recaps what it means to be Draft Standard. All Normative
Dependencies have to be at same level. All normative dependencies in
HTTP have to be at Draft Standard level.
Allison: newtrk may obsolete Draft Standard, any. Idea for Charter
Deliverable is to figure out WHAT are the Critical Supporting
Specifications.
JDR: That would be OK, but going to Draft is not.
Rohan: take discussion to list
Milestone Discussion, Status Update
===================================
Allison: MIB in Expert Review. Remember folks: it takes a long time to
get a MIB review, thus need fast turn around when you get the comments.
MIB doctors say to remove method identifiers. Method identifiers put in
at request of MIB doctors :(
Response Identity Draft
=======================
Not much feedback - need more feedback if this is important
SIP Certs Draft
===============
7 people plan on implementing it; Rohan will pick two reviewers
draft-elwell-sip-connected-identity-00
======================================
Discussion:
Rohan - changing To/From headers has lots of problems. Should use new
headers (the proposal in the draft). Problems with new headers is
philosophical, but no engineering problems.
Cullen - Likes changing To/From, over new header, because there are lots
of headers describing identity. That makes clients harder ("which
identity do I present to the user?")
JDR - Will changing To/From on the fly break your proxy? Room has a
minor problem.
RjS - SIPit reality is products break when one changes the whitespace in
a display name.
JDR - So what? Not our problem to patch around broken implementations.
Jon - Hard to determine when to use this idea of identity versus
"normal" identity mechanisms
RjS - In a vacuum, would allow modifying To/From, as that keeps it a
single place to look for identity information. If we go down path of
making To/From sane, then we have to figure out how to do backwards
compatibility.
Juri - Likes changing To/From; don't care about 2543 clients. 2543
itself is broken in terms of identity; somewhat fixed in 3261.
Dave O. - If we don't break backward-compatibility now, when will we?
Looks like a good time to make break. We can sell it if this is an
important feature. Thinks this one is a good one.
Jon - Original identity draft took step of saying that To/From should be
the identities. Like modifying From header request in network; doesn't
like modifying To header requests.
Cullen - worth looking into looking at putting in to 200 response
mechanism.
JDR - like identity service working in the To field; symmetric, saves a
round-trip, etc.
Hisham - Wouldn't this change identity header hash? Rohan - yes; you
recomputed it
Rohan: Proposal to go forward with Connected-Party, to change 3261 to
change From header in mid-dialog requests, leaving identity headers
intact.
Consensus on this proposal: allow changes to From headers (Pretty close;
very rough)
JDR: This is going to be an extension, not a blind change.
Cullen: need a draft to describe how this will work
Consensus on investigating To/From approach.
SIP-SAML Draft
==============
JDR: Document doesn't describe how to use SAML with SIP. Document that
is supposed to describe how to use SAML with SIP, but the document says,
there are lots of ways of using SAML with SIP.
Jon: Yes, it is underspecified today.
Dean: no consensus on making this a work group item
Answer and Alert Modes
======================
Cullen: two attacks: Whoopie Cushion attack and Bug My Office attack
Consensus is that this is important work.
RjS: Draft is a "train wreck" from a developer's point of view.
JDR: Use SAML; only allow it to work if you hold the Operator artifact.
Decision: Rip out Alert-Mode (use Alert-Info), use Caller Prefs. Do
lose baby monitor use case.
Trust Path Discovery
====================
Discussion: probably will be a combination of push at the high level /
service provider and query by the end-user
Scale is a big problem, e.g., one large ISP cannot physically compute
3-degree map for its own IM subscribers; there are simply too many.
Not a SIP issue, so we will be kept informed on list.
SPIT / SAML
===========
draft-schwartz-sipping-spit-saml-00
Discussion:
Hgs: Identity: what is useful how easy to get aliases for bad guys for
blacklists
-> looking for more / better meta information to help recipient chose to
accept / block call
Cullen: good start for lots of interesting work
Jon: draft makes this look like Domain problem; end users should have
control, too
Remote Call Control
===================
Editor arrested for DWI - Drafting While Intoxicated :)
Needs work, but is this worth doing?
JDR: this is CTI. Is that OK in SIP? JDR doesn't think so
Room consensus: in room of 200, 20 say yes, 2 say no.