[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

connected-identity before 200 Ok

To: <sip@xxxxxxxx>
Subject: connected-identity before 200 Ok
From: "Dan Wing" <dwing@xxxxxxxxx>
Date: Fri, 16 Feb 2007 16:49:13 -0800
Authentication-results: sj-dkim-5; header.From=dwing@xxxxxxxxx; dkim=pass (s ig from cisco.com/sjdkim5002 verified; );
Cc: <ietf-rtpsec@xxxxxxx>, <john.elwell@xxxxxxxxxxx>, "Rob Raymond" <rob@xxxxxxxxxxxxxxx>
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=2067; t=1171673358; x=1172537358; c=relaxed/simple; s=sjdkim5002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing@xxxxxxxxx; z=From:=20=22Dan=20Wing=22=20<dwing@xxxxxxxxx> |Subject:=20connected-identity=20before=20200=20Ok |Sender:=20; bh=X6EbXyhUY/o+b/zrvmapnN96sppyFutSpYyiwQLJscs=; b=weomqGaCFDdZhU9xbohCd+kl/ndhFvPPzjuWIbM1xolkIcXOONVmZBmXtM1HcPnnNE/7Togh ExgGnSSFwT+M0+zpJpJ0ZK9VfHTgb2QykJXLjn2XzhyE9ZEZe//T2s+k;
List-archive: <http://www.imc.org/ietf-rtpsec/mail-archive/>
List-id: <ietf-rtpsec.imc.org>
List-unsubscribe: <mailto:ietf-rtpsec-request@imc.org?body=unsubscribe>
Sender: owner-ietf-rtpsec@xxxxxxxxxxxx
Thread-index: AcdSLXFoQjRewdw7SBOzGfO6+ALjsA==

This message is a result of some offline discussions with Rob and ample
caffeine consumption on my part.  The concern is if PRACK is necessary in
order to use connected-identity before the call is answered in order to
avoid some of the attacks Robin brought up on RTPSEC.


Reading RFC3311 (SIP UPDATE), it says:

      o  If the UPDATE is being sent before completion of the initial
         INVITE transaction, and the initial INVITE contained an offer,
         the UPDATE can contain an offer if the callee generated an
         answer in a reliable provisional response, and the caller has
         received answers to any other offers it sent in either PRACK or
         UPDATE, and has generated answers for any offers it received in
         an UPDATE from the callee.

draft-ietf-sip-connected-identity seems to say you need to use PRACK if you
want connected-identity before the 200 Ok:

   After an early dialog has been formed, if the "from-change" option
   tag has been received in a Supported header field the UA MAY issue an
   UPDATE request (RFC 3311 [4]) on the same dialog, subject to having
   sent a reliable provisional response to the INVITE request and having
   received and responded to a PRACK request. 

Which I interpret to mean that the following is illegal, even if the SDP in
message 2 and 3 are identical:  

    Alice                      Bob
      |                         |
  1.  |--Invite with SDP offer->|
  2.  |<--183 with SDP answer---|  (183 is unreliable)
  3.  |<--UPDATE with SDP-------|
  4.  |---Ack Update----------->|

Please confirm that the above call flow is disallowed per the rules of
RFC3311 and per the rules of draft-ietf-sip-connected-identity.


Question:  would ICE's "poor-man's PRACK" (as I call it) be sufficient to
meet the needs of RFC3311 and -sip-connected-identity for a reliable
provisional response?  ICE's "poor-man's PRACK" is described in
<http://tools.ietf.org/html/draft-ietf-mmusic-ice-13#section-12.1>, around
the middle of section 12.1.

-d

Prev by Date: RE: Early arriving media before 200 OK
Previous by thread: Early and late rogue RTP packets
Index(es):
- Date
- Thread