Cullen, Thanks for your comments. See below. > -----Original Message----- > From: sipping-bounces@xxxxxxxx > [mailto:sipping-bounces@xxxxxxxx] On Behalf Of Cullen Jennings > Sent: 10 November 2008 02:09 > To: sipping > Subject: Comments on draft-ietf-sipping-update-pai-07 > > > I like this version it seems to have resolved many of the > things I was > worried about. > > One significant thing... > > Saying you can use PAI to authenticate registrations seems like an > update to 3261 not 3325. This seems like a pretty big change to SIP > security. I also have a hard time imagining the type of UA > that would > both need to register, and were in the Trust Domain. [JRE] I think the use case people who proposed this had in mind was an edge proxy authenticating the UA (which would indeed be outside its trust domain) and then forwarding the REGISTER request with PAI to the registrar. > > Nits. > > I don't recall 3325 being unclear on use of PAI in responses. It > explicitly did not define it - there not much unclear about that. [JRE] It definitely is unclear. It sometimes talks about SIP messages, without saying whether these are requests or responses or both. On that basis, it is hardly surprising that many have implemented PAI in responses. I should also add that there are some who are very dissatisfied with removal of the response stuff from the present draft, and I have asked them to provide a concrete example of how a response is authenticated (e.g., how 3GPP does it). This issue is not closed yet! John _______________________________________________ Sipping mailing list https://www.ietf.org/mailman/listinfo/sipping This list is for NEW development of the application of SIP Use sip-implementors@xxxxxxxxxxxxxxx for questions on current sip Use sip@xxxxxxxx for new developments of core SIP
