Re: Additional use cases? (Re: Plan for moving forward)

[Hannes Tschofenig <Hannes.Tschofenig@xxxxxxx>]

Can give us a hint what needs to be improved in 
draft-fischl-sipping-media-dtls?

I re-read this mailing list discussion again and I am not sure whether I 
could add something based on what was discussed.

Ciao
Hannes

Francois Audet wrote:
> I think just "beefing up" this draft would be the best way to address
> the problem. 
>
>   
> > -----Original Message-----
> > From: jason.fischl@xxxxxxxxx [mailto:jason.fischl@xxxxxxxxx] 
> > On Behalf Of Jason Fischl
> > Sent: Thursday, June 07, 2007 18:20
> > To: Dan Wing
> > Cc: Audet, Francois (SC100:3055); Eric Rescorla; Lakshminath 
> > Dondeti; ietf-rtpsec@xxxxxxx; Sam Hartman; Tim Polk; 
> > jon.peterson@xxxxxxxxxxx; Cullen Jennings
> > Subject: Re: Additional use cases? (Re: Plan for moving forward)
> >
> > Actually, draft-fischl-sipping-media-dtls does mention SIP-Identity.
> >
> > e.g.
> >
> >   The media is transported over a mutually authenticated DTLS session
> >    where both sides have certificates.  The certificate 
> > fingerprints are
> >    sent in SDP over SIP as part of the offer/answer exchange.  The SIP
> >    Identity mechanism [I-D.ietf-sip-identity] is used to provide
> >    integrity for the fingerprints.  It is very important to note that
> >    certificates are being used purely as a carrier for the public keys
> >    of the peers.  This is required because DTLS does not have 
> > a mode for
> >    carrying bare keys, but it is purely an issue of formatting.  The
> >    certificates can be self-signed and completely self-generated.  All
> >    major TLS stacks have the capability to generate such 
> > certificates on
> >    demand.  However, third party certificates MAY also be 
> > used for extra
> >    security.
> >
> > On 6/7/07, Dan Wing <dwing@xxxxxxxxx> wrote:
> >     
> > > ...
> > >       
> > > > I think we'll have to write up a "high level" description on how 
> > > > these pieces fit together.
> > > >         
> > > I believe draft-fischl-sipping-media-dtls is a good start on such a 
> > > document (although it doesn't mention SIP-Identity), but Cullen did 
> > > indicate Jon Peterson owns the token for that work:
> > >
> > >     > -----Original Message-----
> > >     > From: owner-ietf-rtpsec@xxxxxxxxxxxx
> > >     > [mailto:owner-ietf-rtpsec@xxxxxxxxxxxx] On Behalf
> > >     > Of Cullen Jennings
> > >     > Sent: Friday, May 11, 2007 10:43 AM
> > >     > To: ietf-rtpsec@xxxxxxx
> > >     > Subject: Plan for moving forward
> > >     ...
> > >     >
> > >     >  RAI/SEC
> > >     >  Write overview document on how SIP UA can secure
> > >     >  media using  combination of DTLS/SRTP, SDP Fingerprint,
> > >     >  Identity, Outbound, and  Digest and TLS for SIP. This
> > >     >  document will not describe new  mechanisms, it just
> > >     >  provides the roadmap of how they all fit together.  Jon
> > >     >  Peterson has the token to start this.
> > >     >
> > >
> > > -d
> > >
> > >
> > >