draft-ietf-speermint-requirements-08.txt   draft-ietf-speermint-requirements-09.txt 
SPEERMINT Working Group J-F. Mule SPEERMINT Working Group J-F. Mule
Internet-Draft CableLabs Internet-Draft CableLabs
Intended status: Informational October 26, 2009 Intended status: Informational October 26, 2009
Expires: April 29, 2010 Expires: April 29, 2010
SPEERMINT Requirements for SIP-based Session Peering SPEERMINT Requirements for SIP-based Session Peering
draft-ietf-speermint-requirements-08.txt draft-ietf-speermint-requirements-09.txt
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 13, line 37 skipping to change at page 13, line 37
The Look-Up Function (LUF) and Location Routing Function (LRF) are The Look-Up Function (LUF) and Location Routing Function (LRF) are
defined in [RFC5486]. They provide mechanisms for determining the defined in [RFC5486]. They provide mechanisms for determining the
SIP target address and domain the request should be sent to, and the SIP target address and domain the request should be sent to, and the
associated SED to route the request to that domain. associated SED to route the request to that domain.
o Requirement #15: o Requirement #15:
The protocols used to query the Lookup and Location Routing The protocols used to query the Lookup and Location Routing
Functions SHOULD support mutual authentication. Functions SHOULD support mutual authentication.
Motivations: Motivations:
A mutual authentication service is desirable for the LUF and LRF A mutual authentication service should be provided for the LUF and
protocol exchanges. The content of the response returned by the LRF protocol exchanges. The content of the response returned by
LUF and LRF may depend on the identity of the requestor: the the LUF and LRF may depend on the identity of the requestor: the
authentication of the LUF & LRF requests is therefore a desirable authentication of the LUF & LRF requests is therefore a desirable
property. Mutual authentication is also desirable: the requestor property. Mutual authentication is also desirable: the requestor
may verify the identity of the systems that provided the LUF & LRF may verify the identity of the systems that provided the LUF & LRF
responses given the nature of the data returned in those responses given the nature of the data returned in those
responses. Authentication also provides some protection for the responses. Authentication also provides some protection for the
availability of the LUF and LRF against attackers that would availability of the LUF and LRF against attackers that would
attempt to launch DoS attacks by sending bogus requests causing attempt to launch DoS attacks by sending bogus requests causing
the LUF to perform a lookup and consume resources. the LUF to perform a lookup and consume resources.
o Requirement #16: o Requirement #16:
The protocols used to query the Lookup and Location Routing The protocols used to query the Lookup and Location Routing
Functions MUST provide support for data confidentiality and Functions SHOULD provide support for data confidentiality and
integrity. integrity.
Motivations: Motivations:
Given the sensitive nature of the session establishment data Given the sensitive nature of the session establishment data
exchanged with the LUF and LRF functions, the protocol mechanisms exchanged with the LUF and LRF functions, the protocol mechanisms
chosen for the lookup and location routing should offer data chosen for the lookup and location routing should offer data
confidentiality and integrity protection (SED data may contain confidentiality and integrity protection (SED data may contain
user addresses, SIP URI, location of SIP entities at the user addresses, SIP URI, location of SIP entities at the
boundaries of SIP Service Provider domains, etc.). boundaries of SIP Service Provider domains, etc.).
o Notes on the solution space for Requirements #15 and #16: ENUM, o Notes on the solution space for Requirements #15 and #16: ENUM,
SIP and proprietary protocols are typically used today for SIP and proprietary protocols are typically used today for
accessing these functions. Even though SSPs may use lower layer accessing these functions. Even though SSPs may use lower layer
security mechanisms to guarantee some of those security security mechanisms to guarantee some of those security
properties, candidate protocols for the LUF and LRF must meet the properties, candidate protocols for the LUF and LRF should meet
above requirements. the above requirements.
5.2. Security Properties for the SIP signaling exchanges 5.2. Security Properties for the SIP signaling exchanges
The SIP signaling exchanges are out of scope of this document. This The SIP signaling exchanges are out of scope of this document. This
section describes some of the security properties that are desirable section describes some of the security properties that are desirable
in the context of SIP interconnects between SSPs without formulating in the context of SIP interconnects between SSPs without formulating
any normative requirements. any normative requirements.
In general, the security properties desirable for the SIP exchanges In general, the security properties desirable for the SIP exchanges
in an inter-domain context apply to session peering. These include: in an inter-domain context apply to session peering. These include:
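Review bot: Requirement #16 drops from MUST to SHOULD for confidentiality and integrity support, yet its Motivations paragraph is unchanged and still rests on the "sensitive nature of the session establishment data" (user addresses, SIP URI, location of SIP entities at SSP boundaries). With SHOULD, a LUF/LRF query protocol that offers neither protection can still be called conformant, so the text ought to state when omitting it is acceptable, for example when the lower layer security mechanisms named in the solution-space note already provide those properties, or else keep MUST for protocol support and leave use of the feature to deployment. The solution-space note has the same gap: "should meet the above requirements" weakens a sentence whose "Even though" clause still argues that lower layer security is not enough on its own. In the Requirement #15 Motivations, the new lowercase "should be provided" sits beside the normative SHOULD and beside later sentences that still say "desirable"; pick one strength and use it throughout the paragraph.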
 End of changes. 4 change blocks. 
7 lines changed or deleted 7 lines changed or added

This html diff was produced by rfcdiff 1.37a. The latest version is available from http://tools.ietf.org/tools/rfcdiff/