55th IETF SPIRITS Working Group Meeting Notes

Recorded by Vijay Gurbani. Reported by Alec Brusilovsky.

SPIRITS WG met in the afternoon of Tuesday, November 19, 2002.

Chairs: Steve Bellovin, Alec Brusilovsky

Agenda:

1. Goals of the session - Alec Brusilovsky - 3 min.
2. Agenda bashing - General Discussion - 2 min.
3. Issues from the SPIRITS Protocol I-D - General Discussion - 15 min.
   source: http://www.ietf.org/internet-drafts/draft-ietf-spirits-protocol-03.txt
4. Issues from the SPIRITS Protocol Security I-D - General Discussion - 10 min.
   source: http://www.ietf.org/internet-drafts/draft-ietf-spirits-security-00.txt
5. SPIRITS and mobility issues - General Discussion - 10 min.
   - need to address IS-41C mobility events (IS-41C operations, parameters and their encoding); one of the sources: http://www.ietf.org/internet-drafts/draft-moreno-mobility-events-01.txt, the next iteration of http://www.ietf.org/internet-drafts/draft-ietf-spirits-mobility-00.txt
6. Conclusions - General discussion - 5 min.

1, 2. Agenda accepted without any change.

3. Issues from the SPIRITS Protocol I-D

Vijay Gurbani discussed the re-write of the SPIRITS protocol I-D to align with the non-call related events being generated by the network. Previous I-Ds discussed call-related events; i.e. events generated during making, receiving, or in the middle of a call. The new I-D proposes a new hierarchy for SPIRITS events which includes call-related and non-call related events.

Furthermore, the IN DP I-D that just went through WGLC will be an example of how to realize services from call-related events. Other I-Ds in the WG, including the 2 location based I-Ds (one from Daniel Moreno and the other from Vijay Gurbani) can be used as non-normative examples of how to realize services from non-call related events.

For non-call related events, a sub-branch of such events will be application-specific events; i.e. events not related to a call but for some particular application.
The idea of converting an SMS to a SIP IM that has been proposed by Vijay at the last couple of IETF WGs would be an example of such an application-related service.

4. Issues from the SPIRITS Protocol Security I-D, Vijay Gurbani

Raised the issues and requirements outlined in the security I-D. This I-D has been around since October but has not received any discussion on the WG mail list. It could benefit from such a discussion.

On the question of using S/MIME or TLS:

Steve Bellovin: If you want to secure the object you are transporting, use S/MIME. If you want to secure the transmission itself, use TLS. IPSec is useful if you want to secure other transports and protocols, but it would appear that TLS may be enough for SPIRITS security.

Vijay: What if you want to do both; i.e. protect the contents as well as the transmission?

Steve will provide more comments on the I-D. Also, a reference to the I-D has been sent to the Transport Area's security expert (Eric Rescorla). Eric will be getting back to us about more input.

Issue - Question at mic: It would appear that the Internet host would want to authenticate the PSTN network as well as the latter authenticating the former. We should put this as a requirement.

Answer: We conceivably could, but in a sense, the PSTN authenticating incoming REGISTERs or SUBSCRIBEs is more important. It is equally important that the subsequent INVITEs and NOTIFYs go to the right Internet host. How should we do that? Should we mandate that the Internet host have a "sips" URI? Also, symmetric authentication is a little hard in SPIRITS. Consider for instance that when an Internet host SUBSCRIBEs to some events, the PSTN authorizes it. However, the event that triggers the NOTIFY in state change will happen later. So, does the Internet host challenge the PSTN when it tries to send a NOTIFY? The point is that the transactions between the Internet host and the PSTN are not in contiguous time, but may be separated by an interval.
Igor F: We should also remember that not all services may need authentication and security.

5. SPIRITS and Mobility Issues, Daniel Moreno, Vodafone.

Daniel went orally through the I-D regarding GSM mobility events. His submission (updated I-D) did not make it in time to be included in this IETF proceedings. He is focusing more on GSM events in this I-D. We need to come up with a new I-D, describing elements of IS-41 based wireless environments.

No more comments from the floor. WG meeting concluded.

Respectfully submitted,
Alec Brusilovsky