End-to-middle Security in SIP draft-ietf-sip-e2m-sec-00.txt

1. End-to-middle Security in SIPdraft-ietf-sip-e2m-sec-00.txt Kumiko Ono NTT Corporation

2. Open Issues #1: UAC is expected to differently react with a 493 (Undecipherable) error, depending on its sender. • The error response doesn't include who the sender is. • Options: • A new error code for proxy, 496 Proxy Undecipherable • The same error code, use the URI in the PKC appended to the response. #2: How does a proxy request to disclose a specific Content-Type or the whole body? • In the current version, a proxy server responds with an error code and Warning header indicating which Content-Type is to be disclosed. i.e., “Warning: 380 proxy.com "Required to view ' application/sdp ‘” • There is no way to request the disclosure of whole body. • Proposal An error code without Warning header has the semantics of proxy’s requesting the disclosure of the whole body.

3. Open Issues (contd.) #3: Do we need the labeling mechanism to instruct a proxy server to validate the signature? • A minor usecase. • Options: 1. Leave it, 2. Drop it. #4: How does a UA know if the target proxy server complied to the UA’s request? • Options • Proxy adds a flag in the response. • Proxy rejects when it can’t comply to the UA’s request. 3. No need.

4. Next Steps • Any other open issues? • Can we get some experts’ review?