ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Last Call: draft-peterson-rai-rfc3427bis (Change Process forthe Session Initiation Protocol (SIP)) to Proposed Standard]

2009-03-25 03:01:41
from [Spencer Dawkins] [Permanent Link] 
I'd like to echo Alan's point here...
4. In the security considerations of most SIP extensions, we inevitably end up referring to S/MIME. However, we know that there is no S/MIME deployments with SIP, essentially making the resulting security considerations irrelevant. Perhaps some guidance on practical security considerations would be worthwhile going forward, given the heavy reliance on hop-by-hop security and transitive trust in deployed SIP systems. 

We've got to quit pointing to S/MIME when we know that no one believes us!
The input I'm getting from SIPconnect/1.1 contributors is that they're not even excited about hop-by-hop TLS - a fair number of deployments are running wide open. I'm thinking this isn't going to end well. 

Thanks,
Spencer 

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Ietf Digest, Vol 10, Issue 77, aziz temmar
Next by Date:  Re: Subscriptions to "ietf-honest", Joe Abley
Previous by Thread:  Re: Last Call: draft-peterson-rai-rfc3427bis (Change Process for the Session Initiation Protocol (SIP)) to Proposed Standard], Alan Johnston
Next by Thread:  Query regarding Additional Mode transition logic for IR & IR-Dyn Packets (Interoperabilty), Chaitanya Pradeep
Indexes:  [Date] [Thread] [Top] [All Lists]