[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Sip] SIP Identity using Media Path

To: sip@xxxxxxxx
Subject: RE: [Sip] SIP Identity using Media Path
From: "Elwell, John" <john.elwell@xxxxxxxxxxx>
Date: Wed, 04 Jul 2007 08:37:32 +0100
Cc: ietf-rtpsec@xxxxxxx
In-reply-to: <061701c7bcda$9ec23a90$2014590a@xxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-rtpsec/mail-archive/>
List-id: <ietf-rtpsec.imc.org>
List-unsubscribe: <mailto:ietf-rtpsec-request@imc.org?body=unsubscribe>
References: <061701c7bcda$9ec23a90$2014590a@xxxxxxxxxxxxxx>
Sender: owner-ietf-rtpsec@xxxxxxxxxxxx
Thread-index: Ace82p2yNu6lfaNzQcq8BXk5gCIEoQBMzNng
Thread-topic: [Sip] SIP Identity using Media Path

Dan,

The mechanism described for ICE seems to provide an alternative to ICE's
password-based mechanism for correlating binding requests with
offer-answer exchanges. I have not seen any motivation for this
alternative.

John 

> -----Original Message-----
> From: Dan Wing [mailto:dwing@xxxxxxxxx] 
> Sent: 02 July 2007 19:56
> To: 'SIP Working Group'
> Cc: ietf-rtpsec@xxxxxxx
> Subject: [Sip] SIP Identity using Media Path
> 
> As many of you are aware, the signature created by SIP-Identity
> (RFC4474) breaks if an SBC or B2BUA modifies the SDP in the SIP body.
> Typically these modifications include changing the m/c lines (to
> direct the RTP media through the SBC itself, or through a transcoder),
> or performing other adjustments of the SDP to interwork with bugs and
> features of other SIP networks or other endpoints.
> 
> 
> I just submitted a draft, "SIP Identity using Media Path", which
> describes a mechanism that allows RFC4474-like signatures and also
> allows SBCs and B2BUAs to modify the message's SDP.  Links to HTML
> and plain text versions of the Internet Draft are below.
> 
> Abstract:
> 
>    The existing SIP identity mechanism (RFC4474) creates a signature
>    over the SIP body, including the entire SDP.  As part of 
> their normal
>    operation, Session Border Controllers (SBCs) and SIP Back-to-Back
>    User Agents (B2BUAs) modify various fields in the SDP, breaking the
>    signature.
> 
>    This document defines a new mechanism to securely identify the
>    originator of a SIP message while also allowing modification of the
>    SDP by SBCs and B2BUAs.  This new mechanism creates a 
> signature over
>    certain SIP headers and certain SDP lines.  Proof of identity over
>    the media path using DTLS, TLS, HIP, and an extension to ICE are
>    described.
> 
> Please send comments on this draft to the SIP mailing list at
> sip@xxxxxxxxx
> 
> -d
> 
> -----
> 
> HTML version: 
> http://tinyurl.com/25539z
> http://svn.resiprocate.org/rep/ietf-drafts/dwing/draft-wing-si
p-identity-med
> ia-00.html
> 
> plain text version: 
> http://tinyurl.com/2gldnv
> http://svn.resiprocate.org/rep/ietf-drafts/dwing/draft-wing-si
p-identity-med
> ia-00.txt
> 
> 
> 
> _______________________________________________
> Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol
> Use sip-implementors@xxxxxxxxxxxxxxx for questions on current sip
> Use sipping@xxxxxxxx for new developments on the application of sip
>

Follow-Ups:
- RE: [Sip] SIP Identity using Media Path
  - From: Dan Wing

References:
- SIP Identity using Media Path
  - From: Dan Wing

Prev by Date: RE: [Sip] SIP Identity using Media Path
Next by Date: RE: [Sip] SIP Identity using Media Path
Previous by thread: RE: [Sip] SIP Identity using Media Path
Next by thread: RE: [Sip] SIP Identity using Media Path
Index(es):
- Date
- Thread