[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] draft-ietf-sip-media-security-requirements-05

To: "Dan Wing" <dwing at cisco.com>
Subject: Re: [Sip] draft-ietf-sip-media-security-requirements-05
From: Eric Rescorla <ekr at networkresonance.com>
Date: Tue, 13 May 2008 11:13:37 -0700
Cc: 'IETF SIP List' <sip at ietf.org>, "'Fries, Steffen $CT$'" <steffen.fries at siemens.com>, 'Dean Willis' <dean.willis at softarmor.com>
Delivered-to: ietfarch-sip-web-archive at core3.amsl.com
Delivered-to: sip at core3.amsl.com
In-reply-to: <035c01c8b51e$f1ac8200$c3f0200a@cisco.com>
List-archive: <https://www.ietf.org/mailman/private/sip>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
References: <066701c8af02$2445f8e0$c3f0200a@cisco.com> <20080506000110.499525081A@romeo.rtfm.com> <03f901c8afde$ee9398f0$c3f0200a@cisco.com> <62CA37AF-C3DD-49BE-9128-057711C78E81@voxeo.com> <20080513171527.4D4025081A@romeo.rtfm.com> <035c01c8b51e$f1ac8200$c3f0200a@cisco.com>
Sender: sip-bounces at ietf.org
User-agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)

At Tue, 13 May 2008 10:29:48 -0700,
Dan Wing wrote:
> > Consider two examples, both using TLS:
> > 
> > - HTTPS in the majority of cases is incompatible with manual 
> > establishment
> >   of peer credentials. You connect to a lot of different Web 
> > servers and
> >   it's not practical to obtain their certificates out of band.
> 
> But sometimes you have to.  And, fortunately, almost every HTTPS-capable
> client allows you to accept a certificate that isn't signed by a 
> CA that the HTTPS client trusts.  
> 
> For example, Firefox 3.0b5 complains about both of these certificates 
> for different reasons:
> 
>   https://www.softarmor.com
>   https://www.verisign.net

Agreed, which is why I said "a majority" instead of all.

There are certainly cases in which HTTPS can be safely used with
manually verified server credentials in the face of active attack, but
they're the exception, not the rule. The basic assumption of the
active attack protection in HTTPS is that the client can verify the
server's certificate based purely on the URI and a list of trust
anchors. Had it been suggested that the client had to get a
certificate out of band for every server he wanted to communicate
with, this would have been (rightly) criticized as unscalable.

-Ekr

_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip

References:
- [Sip] draft-ietf-sip-media-security-requirements-05
  - From: Dan Wing
- Re: [Sip] draft-ietf-sip-media-security-requirements-05
  - From: Eric Rescorla
- Re: [Sip] draft-ietf-sip-media-security-requirements-05
  - From: Dan Wing
- Re: [Sip] draft-ietf-sip-media-security-requirements-05
  - From: Dan York
- Re: [Sip] draft-ietf-sip-media-security-requirements-05
  - From: Eric Rescorla
- Re: [Sip] draft-ietf-sip-media-security-requirements-05
  - From: Dan Wing

Prev by Date: Re: [Sip] draft-ietf-sip-media-security-requirements-05
Next by Date: Re: [Sip] draft-ietf-sip-outbound
Previous by thread: Re: [Sip] draft-ietf-sip-media-security-requirements-05
Next by thread: Re: [Sip] draft-ietf-sip-media-security-requirements-05
Index(es):
- Date
- Thread