RE: [Sip] SIP Identity using Media Path
Hi Dan,
Chapter 9 says:
"in order for the mechanism to work, SBC-type-of-entities must permit DTLS, TLS, ICE, or HIP messages to be exchanged in the media path."
A small question for clarification: at what point must this exchange (two-way, I assume) work? As soon as the UAS has received the INVITE?
Regards,
Christer
> -----Original Message-----
> From: Dan Wing [mailto:dwing@xxxxxxxxx]
> Sent: 2 July 2007 21:56
> To: 'SIP Working Group'
> Cc: ietf-rtpsec@xxxxxxx
> Subject: [Sip] SIP Identity using Media Path
>
> As many of you are aware, the signature created by SIP-Identity
> (RFC4474) breaks if an SBC or B2BUA modifies the SDP in the SIP body.
> Typically these modifications include changing the m/c lines
> (to direct the RTP media through the SBC itself, or through a
> transcoder), or performing other adjustments of the SDP to
> interwork with bugs and features of other SIP networks or
> other endpoints.
>
>
> I just submitted a draft, "SIP Identity using Media Path",
> which describes a mechanism that allows RFC4474-like
> signatures and also allows SBCs and B2BUAs to modify the
> message's SDP. Links to HTML and plain text versions of the
> Internet Draft are below.
>
> Abstract:
>
> The existing SIP identity mechanism (RFC4474) creates a signature
> over the SIP body, including the entire SDP. As part of their normal
> operation, Session Border Controllers (SBCs) and SIP Back-to-Back
> User Agents (B2BUAs) modify various fields in the SDP, breaking the
> signature.
>
> This document defines a new mechanism to securely identify the
> originator of a SIP message while also allowing modification of the
> SDP by SBCs and B2BUAs. This new mechanism creates a signature over
> certain SIP headers and certain SDP lines. Proof of identity over
> the media path using DTLS, TLS, HIP, and an extension to ICE are
> described.
>
> Please send comments on this draft to the SIP mailing list at
> sip@xxxxxxxxx
>
> -d
>
> -----
>
> HTML version:
> http://tinyurl.com/25539z
> http://svn.resiprocate.org/rep/ietf-drafts/dwing/draft-wing-sip-identity-media-00.html
>
> plain text version:
> http://tinyurl.com/2gldnv
> http://svn.resiprocate.org/rep/ietf-drafts/dwing/draft-wing-sip-identity-media-00.txt
>
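Added example, not part of the thread or of the draft: it shows why a signature computed over the whole SDP body stops verifying once an SBC rewrites the m/c lines, while one computed over selected lines does not. Assumptions: a SHA-256 digest comparison stands in for signature verification, the covered SDP line is taken to be `a=fingerprint`, the header set is simplified, and all function names and sample values are constructed for illustration.

```python
import hashlib

# Constructed sample data: addresses, ports and the fingerprint value are made up.
HEADERS = {"from": "sip:alice@example.com", "to": "sip:bob@example.net",
           "call-id": "a84b4c76e66710", "cseq": "314159 INVITE",
           "date": "Mon, 02 Jul 2007 18:56:00 GMT"}
SDP_OFFER = "\r\n".join([
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 49170 RTP/AVP 0",
    "a=fingerprint:sha-1 AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD",
]) + "\r\n"

def sbc_rewrite(sdp, relay_ip, relay_port):
    """SBC behaviour from the mail: point the c=/m= lines at the relay itself."""
    out = []
    for line in sdp.split("\r\n"):
        if line.startswith("c=IN IP4 "):
            line = "c=IN IP4 " + relay_ip
        elif line.startswith("m="):
            media, _port, rest = line.split(" ", 2)
            line = f"{media} {relay_port} {rest}"
        out.append(line)
    return "\r\n".join(out)

def _digest(parts):
    # Stand-in for sign/verify: a signature verifies only if this digest is unchanged.
    return hashlib.sha256("|".join(parts).encode()).hexdigest()

def full_body_digest(headers, sdp):
    """RFC 4474 style: the signed string ends with the entire body (whole SDP)."""
    return _digest([headers[k] for k in sorted(headers)] + [sdp])

def selected_lines_digest(headers, sdp, covered=("a=fingerprint:",)):
    """Assumed variant: headers plus only the SDP lines matching `covered`."""
    kept = [l for l in sdp.split("\r\n") if l.startswith(covered)]
    return _digest([headers[k] for k in sorted(headers)] + kept)

def survives(digest_fn, before, after):
    return digest_fn(HEADERS, before) == digest_fn(HEADERS, after)

relayed = sbc_rewrite(SDP_OFFER, "198.51.100.7", 30000)    # SBC relays the media
tampered = SDP_OFFER.replace("sha-1 AA:", "sha-1 00:")      # covered line altered
if __name__ == "__main__":
    print("full body, after SBC:     ", survives(full_body_digest, SDP_OFFER, relayed))
    print("selected lines, after SBC:", survives(selected_lines_digest, SDP_OFFER, relayed))
    print("selected lines, tampered: ", survives(selected_lines_digest, SDP_OFFER, tampered))
```

The third case is the property a verifier still needs: a change to a covered line must fail verification even though m/c rewrites are tolerated.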