RE: [Sip] SIP Identity using Media Path
Chapter 9 says:
"in order for the mechanism to work, SBC-type-of-entities must permit DTLS, TLS, ICE, or HIP messages to be exchanged in the media path."
A small question for clarification: at what point must this exchange (two-way, I assume) work? As soon as the UAS has received the INVITE?
> -----Original Message-----
> From: Dan Wing [mailto:dwing@xxxxxxxxx]
> Sent: 2 July 2007 21:56
> To: 'SIP Working Group'
> Cc: ietf-rtpsec@xxxxxxx
> Subject: [Sip] SIP Identity using Media Path
> As many of you are aware, the signature created by SIP-Identity
> (RFC4474) breaks if an SBC or B2BUA modifies the SDP in the SIP body.
> Typically these modifications include changing the m/c lines
> (to direct the RTP media through the SBC itself, or through a
> transcoder), or performing other adjustments of the SDP to
> interwork with bugs and features of other SIP networks or
> other endpoints.
> I just submitted a draft, "SIP Identity using Media Path",
> which describes a mechanism that allows RFC4474-like
> signatures and also allows SBCs and B2BUAs to modify the
> message's SDP. Links to HTML and plain text versions of the
> Internet Draft are below.
> The existing SIP identity mechanism (RFC4474) creates a signature
> over the SIP body, including the entire SDP. As part of their normal
> operation, Session Border Controllers (SBCs) and SIP Back-to-Back
> User Agents (B2BUAs) modify various fields in the SDP, breaking the
> This document defines a new mechanism to securely identify the
> originator of a SIP message while also allowing modification of the
> SDP by SBCs and B2BUAs. This new mechanism creates a signature over
> certain SIP headers and certain SDP lines. Proof of identity over
> the media path using DTLS, TLS, HIP, and an extension to ICE are
> Please send comments on this draft to the SIP mailing list at
> HTML version:
> plain text version:
> Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol Use
> sip-implementors@xxxxxxxxxxxxxxx for questions on current sip
> Use sipping@xxxxxxxx for new developments on the application of sip
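
Added example, not part of the original thread or of the draft: a Python sketch of why a signature computed over the whole body (RFC 4474 style) breaks when an SBC rewrites the m/c lines, while a signature over selected SDP lines survives the rewrite. The HMAC used in place of the RSA signature, the sample INVITE values, and the choice of a=fingerprint as the covered line are assumptions; the post only says "certain SDP lines".

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # stand-in for the signer's private key (assumption)

# Constructed sample INVITE fields and SDP body (not taken from the post).
HEADERS = {
    "From": "sip:alice@example.com",
    "To": "sip:bob@example.net",
    "Call-ID": "a84b4c76e66710",
    "CSeq": "314159 INVITE",
    "Date": "Mon, 02 Jul 2007 18:56:00 GMT",
    "Contact": "sip:alice@192.0.2.10",
}
SDP = "\r\n".join([
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 49170 RTP/AVP 0",
    "a=fingerprint:SHA-1 4A:AD:B9:B1:3F:82:18:3B:54:02:12:DF:3E:5D:49:6B:19:E5:7C:AB",
]) + "\r\n"

def sign(parts):
    """HMAC-SHA256 over '|'-joined parts (stand-in for an RSA signature)."""
    return hmac.new(KEY, "|".join(parts).encode(), hashlib.sha256).hexdigest()

def sign_whole_body(headers, sdp):
    """RFC 4474 style: header fields plus the entire message body."""
    return sign(list(headers.values()) + [sdp])

def sign_selected_lines(headers, sdp, covered=("a=fingerprint:",)):
    """Assumed variant: header fields plus only the SDP lines in `covered`."""
    kept = [line for line in sdp.splitlines() if line.startswith(covered)]
    return sign(list(headers.values()) + kept)

def sbc_rewrite(sdp, relay_ip="198.51.100.7", relay_port=20000):
    """Model an SBC anchoring media on itself by rewriting the c= and m= lines."""
    out = []
    for line in sdp.splitlines():
        if line.startswith("c="):
            line = f"c=IN IP4 {relay_ip}"
        elif line.startswith("m="):
            fields = line.split(" ")
            fields[1] = str(relay_port)  # second field of m= is the port
            line = " ".join(fields)
        out.append(line)
    return "\r\n".join(out) + "\r\n"
```

Because the c= and m= lines are outside the covered set, the receiver has no signed binding to the media address, which is why the mechanism relies on proof of identity over the media path.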