Hadriel, Thanks for writing this. However, in my opinion it still suffers from the same problem that we had with update-pai-06 (where we just said that the proxy must have authenticated the source of the response by some means) and update-pai-05 (where we cited one possible circumstance where authentication could be assumed, i.e., when an earlier request over the same TLS connection had been digest-authenticated). We received objections to 06 because it did not cite at least one example of how to achieve authentication and we received objections to 05 because the mechanism is broken (there could be an intermediary that terminates the TLS connection, so there is no guarantee that the UA that was previously authenticated is the same as the UA that sends the response). I think there are only two ways forward on this: 1. Somebody comes up with some text that describes a plausible way of achieving authentication using present mechanisms. For example, if my understanding is correct, I think the 3GPP mechanism relies on using the same credentials for authenticating the UA and the underlying transport, and hence the broken behaviour I described above does not apply. I really wanted somebody else to provide some text, and I had hoped Keith would do this. 2. We define a new mechanism. It has been stated that something based on sip-outbound might be possible, but I don't really know what people have in mind. As Cullen observes, this approach would most likely need to be pursued in SIP rather than SIPPING. John > -----Original Message----- > From: Hadriel Kaplan [mailto:HKaplan@xxxxxxxxxxxxxx] > Sent: 29 November 2008 17:51 > To: sipping > Cc: Elwell, John; Cullen Jennings > Subject: I-D Action:draft-kaplan-sipping-pai-responses-00.txt > > Howdy, > At the most recent IETF meeting in Minneapolis, we were > informed that a WG decision regarding support for PAI in > responses in draft-ietf-sipping-update-pai had been reached > on the mailing list, and the decision was not to support > them. I was instructed to submit a new draft if I wished to > propose any such support. I have now done so. > > A URL for this Internet-Draft is: > http://www.ietf.org/internet-drafts/draft-kaplan-sipping-pai-r > esponses-00.txt > > Of course any comments are welcomed and appreciated. > > -hadriel > p.s. and thanks to John Elwell for (unknowingly) providing > most of the text for this draft, since it is based on > draft-ietf-sipping-update-pai. > > _______________________________________________ Sipping mailing list https://www.ietf.org/mailman/listinfo/sipping This list is for NEW development of the application of SIP Use sip-implementors@xxxxxxxxxxxxxxx for questions on current sip Use sip@xxxxxxxx for new developments of core SIP
