draft-ietf-simple-message-sessions-00 Ben Campbell


draft-ietf-simple-message-sessions-00 Ben Campbell SIMPLE Interim Meeting May 2003

Name Change Formerly known as draft-campbell-simple-im-sessions-01. Name finally changed to reflect work group item status. Lots of changes based on feedback on previous version.

No Connection Sharing Only TCP binding in this doc. Each Session gets its own connection. Single URL identifies the session. URI only needed in BIND and VISIT requests

Soft Session State BIND and VISIT now carry expiration times. Host device can shrink but not increase expiration time. RELEASE and LEAVE are eliminated. BIND and VISIT must be refreshed to keep session active past expiration.

SDP Changes Use of COMEDIA style direction attribute to determine which peer establishes the TCP connection. Greatly simplifies negotiating which peer hosts the session. Allow “*” in format list meaning “prefer these but try anything”.

URL Format Change Treats session ID as a resource, rather than as a user part. User part may identify user to connect as. Better reflects RFC2396. DNS SRV resolution. Example: http:user@host.example.com:7777/sfo3s

Changed 2 relay semantics Introduced idea of “visiting relay”. Visiting relay “proxies” the VISIT request. Inter-relay connection established at session setup.

Security Added MSRPS URL scheme. Added digest authentication definition. Removed MIKEY dependency for e2e protection. Key material carried in SDP k-lines.

Open Issues

More than 2 Relays? This was an explicit non-requirement for design team. But, it may be easy to accomplish with current 2 relay semantics.

Single Connections Currently have a single, bi-directional connection per session. Causes response to get blocked by requests in the same direction. Do we need a separate connection for each direction? Both connections would be opened in the direction indicated by the direction attribute.

SDP Format List Current wording overloads format list to give both envelope and contents. Should envelope be specified some other way? Cullen suggests that we make the * semantics default operation. This would not allow 'these only' semantics.

SDP M-Line Draft says to ignore port field. Cannot really do this, as a zero in the port implies rejecting the stream. Adam suggests picking a standard dummy value for normal usage, keeping the zero semantic.

Message Framing Currently require message size in start line. Requires sender to know size in advance. Does not allow sender to start sending before completion of message composition. Cullen suggests a “zero” value in the size field to indicate the message size is unknown, and the receiver must scan for delimiters.
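The two framing modes under discussion, as an added sketch that is not taken from the draft: the `SEND <tr-id> <size>` start line and the dash-run delimiter are hypothetical stand-ins, since the slides do not give the wire syntax. It shows the receiver-side consequence of scanning for a delimiter: a body that happens to contain the delimiter bytes is cut short, which length-based framing does not suffer from.

```python
CRLF = b"\r\n"

def end_marker(tr_id: str) -> bytes:
    # Hypothetical delimiter: a dash run plus the transaction ID on its own line.
    return CRLF + b"-------" + tr_id.encode("ascii") + CRLF

def frame(tr_id: str, body: bytes, size_known: bool = True) -> bytes:
    """Sender side. Size 0 means 'unknown, scan for the delimiter'."""
    size = len(body) if size_known else 0
    start = f"SEND {tr_id} {size}".encode("ascii") + CRLF
    # An empty body also yields size 0, so it must carry the delimiter too.
    tail = end_marker(tr_id) if size == 0 else b""
    return start + body + tail

def parse(stream: bytes):
    """Receiver side. Returns (tr_id, body, unconsumed_bytes)."""
    line, sep, rest = stream.partition(CRLF)
    if not sep:
        raise ValueError("incomplete start line")
    method, tr_id, size_text = line.decode("ascii").split(" ")
    if method != "SEND" or not size_text.isdigit():
        raise ValueError("malformed start line")
    size = int(size_text)
    if size > 0:
        # Known size: take exactly that many bytes, whatever they contain.
        if len(rest) < size:
            raise ValueError("truncated body")
        return tr_id, rest[:size], rest[size:]
    # Unknown size: the first occurrence of the delimiter ends the message.
    marker = end_marker(tr_id)
    idx = rest.find(marker)
    if idx < 0:
        raise ValueError("delimiter not received yet")
    return tr_id, rest[:idx], rest[idx + len(marker):]

def demo():
    # Constructed body that contains the delimiter bytes for its own transaction.
    body = b"hi" + end_marker("tx1") + b"trailing text"
    known = parse(frame("tx1", body, size_known=True))
    scanned = parse(frame("tx1", body, size_known=False))
    return known, scanned
```

In scan mode the sender has to guarantee that the delimiter cannot occur in the body, for example by choosing the transaction ID after inspecting the content or by escaping.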

DNS Issues How do we choose an A RR when multiple returned? Ted pointed us to RFC1794, which seems to indicate we should use them in the order returned. Do we need NAPTR to determine protocol? Current draft assumes protocol always determined prior to DNS queries.

Authentication of VISIT Should we encourage digest auth of VISIT? Include temp, single-use credentials in the session URL in SDP?

Digest Authentication Should we add Tr-ID and S-URI to hash? MD5 vs SHA1. Do we need to handle multiple challenges to single request? Only makes sense for VISIT. Implies need for realm. Would benefit from security review.
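An added illustration, not the draft's digest definition, of what putting Tr-ID and S-URI into the hash would change. It assumes an RFC 2617-style response computation and a nonce that is still valid; where the two fields sit in the hash, and the credentials, nonce and session URLs, are all constructed for the example.

```python
import hashlib
import hmac

def digest_hex(algorithm, *parts):
    """Hex digest of the colon-joined parts, in the style of RFC 2617."""
    return hashlib.new(algorithm, ":".join(parts).encode()).hexdigest()

def visit_response(ha1, nonce, s_uri, tr_id, bind, algorithm="md5"):
    # bind=False hashes only the method name.
    # bind=True also covers the session URI and transaction ID
    # (assumed placement; the slides leave this open).
    scope = ("VISIT", s_uri, tr_id) if bind else ("VISIT",)
    return digest_hex(algorithm, ha1, nonce, digest_hex(algorithm, *scope))

def host_accepts(presented, ha1, nonce, s_uri, tr_id, bind, algorithm="md5"):
    """Host recomputes the response for the request it actually received."""
    expected = visit_response(ha1, nonce, s_uri, tr_id, bind, algorithm)
    return hmac.compare_digest(expected, presented)

# Constructed sample values.
USER, REALM, PASSWORD = "alice", "relay.example.com", "example-password"
NONCE = "constructed-nonce-01"
SESSION_A = "msrps://host.example.com:7777/sessA"
SESSION_B = "msrps://host.example.com:7777/sessB"

def reuse_accepted(bind, algorithm="md5"):
    """Is a response issued for SESSION_A/tr-1 accepted on SESSION_B/tr-2?"""
    ha1 = digest_hex(algorithm, USER, REALM, PASSWORD)
    seen = visit_response(ha1, NONCE, SESSION_A, "tr-1", bind, algorithm)
    return host_accepts(seen, ha1, NONCE, SESSION_B, "tr-2", bind, algorithm)
```

With `bind=False` the same response verifies for any session while the nonce is live; with `bind=True` it verifies only for the session URL and transaction it was computed for, under either hash algorithm.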

TLS Usage How do we signal TLS usage? Currently through MSRPS URL scheme. Currently use proto field to determine transport protocol (i.e. tcp), not to determine TLS usage. An A-line attribute has been suggested. Do we use _tls as protocol in SRV queries? If so, how do you specify actual transport protocol? Since TLS support is required, is this needed at all?

TLS Usage Is TLS hop-by-hop, or tunneled across relays? Tunneling approach would be similar to HTTPS over proxies. End-to-End protection. Requires server cert at host endpoint. Complicates protection of VISIT requests. Hop-by-Hop approach: No endpoint certs required. Easier to handle VISIT protection.

TLS Usage Need to specify required cipher suites.

CMS Usage Probably need to say more about how key material is transferred. Do we need to say more about use of symmetric crypto in CMS? CMS usage probably needs security expert review.

Scalability Relay scalability is reduced by not allowing shared connections. Primary scaling story is based on e2e usage. Does draft need to talk more about scalability issues and design approaches?

Default Port Do we need one? Not really needed by protocol. Might be useful for firewall configuration.

Discovering Need For Relay Cullen asks if we need a way to discover whether a relay is needed or not. Explicit non-requirement for original design team. Should we allow relay discovery via SRV query, rather than requiring explicit configuration?

Timer Values Timers implied for: Soft-State expiration. Transaction timeouts. Should we recommend default timer values?

IANA Considerations What needs to be registered? SDP attributes? Port? (if we have one)

Naming of BIND Cullen likes Listen. Robert wants to stay with BIND. I don't want to change this unless people just hate BIND.

Hosting Requirements Do we need to determine must-support requirements for the various host scenarios?