--- 1/draft-ietf-speermint-requirements-08.txt 2009-10-26 20:12:27.000000000 +0100 +++ 2/draft-ietf-speermint-requirements-09.txt 2009-10-26 20:12:27.000000000 +0100 @@ -1,18 +1,18 @@ SPEERMINT Working Group J-F. Mule Internet-Draft CableLabs Intended status: Informational October 26, 2009 Expires: April 29, 2010 SPEERMINT Requirements for SIP-based Session Peering - draft-ietf-speermint-requirements-08.txt + draft-ietf-speermint-requirements-09.txt Status of this Memo This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. 
@@ -502,51 +502,51 @@ The Look-Up Function (LUF) and Location Routing Function (LRF) are defined in [RFC5486]. They provide mechanisms for determining the SIP target address and domain the request should be sent to, and the associated SED to route the request to that domain. o Requirement #15: The protocols used to query the Lookup and Location Routing Functions SHOULD support mutual authentication. Motivations: - A mutual authentication service is desirable for the LUF and LRF - protocol exchanges. The content of the response returned by the - LUF and LRF may depend on the identity of the requestor: the + A mutual authentication service should be provided for the LUF and + LRF protocol exchanges. The content of the response returned by + the LUF and LRF may depend on the identity of the requestor: the authentication of the LUF & LRF requests is therefore a desirable property. Mutual authentication is also desirable: the requestor may verify the identity of the systems that provided the LUF & LRF responses given the nature of the data returned in those responses. Authentication also provides some protection for the availability of the LUF and LRF against attackers that would attempt to launch DoS attacks by sending bogus requests causing the LUF to perform a lookup and consume resources. o Requirement #16: The protocols used to query the Lookup and Location Routing - Functions MUST provide support for data confidentiality and + Functions SHOULD provide support for data confidentiality and integrity. Motivations: Given the sensitive nature of the session establishment data exchanged with the LUF and LRF functions, the protocol mechanisms chosen for the lookup and location routing should offer data confidentiality and integrity protection (SED data may contain user addresses, SIP URI, location of SIP entities at the boundaries of SIP Service Provider domains, etc.). 
o Notes on the solution space for Requirements #15 and #16: ENUM, SIP and proprietary protocols are typically used today for accessing these functions. Even though SSPs may use lower layer security mechanisms to guarantee some of those security - properties, candidate protocols for the LUF and LRF must meet the - above requirements. + properties, candidate protocols for the LUF and LRF should meet + the above requirements. 5.2. Security Properties for the SIP signaling exchanges The SIP signaling exchanges are out of scope of this document. This section describes some of the security properties that are desirable in the context of SIP interconnects between SSPs without formulating any normative requirements. In general, the security properties desirable for the SIP exchanges in an inter-domain context apply to session peering. These include:
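Review bot: In the @@ -502,51 +502,51 @@ hunk, the Motivations paragraph under Requirement #16 no longer matches the strength of the requirement. It still describes the SED as sensitive ("SED data may contain user addresses, SIP URI, location of SIP entities at the boundaries of SIP Service Provider domains") and gives no case in which a LUF/LRF protocol lacking confidentiality and integrity support would be acceptable, yet the requirement is now "SHOULD provide support". The requirement covers protocol support rather than deployment, so keeping MUST for support would still leave each SSP free to decide whether to enable the protection. If SHOULD stays, add a sentence to the Motivations naming the circumstances that justify a protocol without this support. The same applies to the notes paragraph: "should meet the above requirements" is lower-case and points at two requirements that are themselves SHOULD-level, so it is unclear whether it is normative. Say explicitly whether lower layer security mechanisms used by SSPs are considered sufficient to satisfy Requirements #15 and #16. In the Requirement #15 Motivations, the new first sentence says mutual authentication "should be provided" while the following sentences still call it "desirable". Pick one wording so the motivation text reads consistently with the SHOULD in the requirement.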