
RE: [Sip] SIP Identity using Media Path



> On Mon, 2007-07-02 at 16:04 -0700, Dan Wing wrote:
> 
> > > Chapter 9 says:
> > > 
> > > "in order for the mechanism to work, SBC-type-of-entities 
> > > must permit DTLS, TLS, ICE, or HIP messages to be exchanged 
> > > in the media path."
> > > 
> > > A small question for clarification: at what point must this 
> > > exchange (two-way, I assume) work? As soon as the UAS has 
> > > received the INVITE?
> > 
> > Yes.
> 
> I think this will have a much better chance of succeeding if the
> specification requires this exchange to use the same source and
> destination ports as the media that will later be sent on the same
> channel.

Yes, that is how HIP's key exchange, TLS, DTLS-SRTP, and ICE
all function.

> If not, an SBC may lock onto this stream and reject 
> media from other sources.

Yes, I agree that will give the best chance.  Of course, it is
always possible for an SBC (or firewall) to block such messages 
anyway (as has been discussed on the RTPSEC mailer).

-d


> Hans
> 
> -- 
> Hans Persson <hasse@xxxxxxxxxx>    Ingate - Firewalls with SIP & NAT
> Ingate Systems AB  +46 13 210857   http://www.ingate.com/
> 
> Private: <unicorn@xxxxxxxxxxxxxx>  
> http://www.lysator.liu.se/~unicorn/
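
The latching behaviour discussed in this thread, as an added sketch that is not part of the original messages or of any SBC product: a media pinhole that locks onto the first accepted source, so media is only accepted when the key exchange used the same source address and port. The `Pinhole` class, the addresses and the sample packets are constructed for illustration; the first-byte ranges are those of RFC 5764 section 5.1.2, which postdates this thread.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

Addr = Tuple[str, int]  # (source IP, source port)

# Constructed sample packets: only the leading bytes matter for classification.
DTLS_HELLO = bytes([0x16, 0xFE, 0xFF]) + bytes(10)  # DTLS handshake record header
RTP_PACKET = bytes([0x80, 0x00]) + bytes(10)        # RTP version 2 header


def classify(packet: bytes) -> str:
    """Demultiplex a media-path packet by its first byte (RFC 5764, 5.1.2)."""
    if not packet:
        return "unknown"
    first = packet[0]
    if first <= 1:
        return "stun"   # ICE connectivity checks
    if 20 <= first <= 63:
        return "dtls"   # DTLS-SRTP key exchange
    if 128 <= first <= 191:
        return "rtp"    # RTP/RTCP media
    return "unknown"


@dataclass
class Pinhole:
    """Hypothetical SBC pinhole that latches onto the first accepted source."""
    permit_key_exchange: bool = True
    latched: Optional[Addr] = None

    def accept(self, src: Addr, packet: bytes) -> bool:
        kind = classify(packet)
        if kind == "unknown":
            return False
        if kind in ("stun", "dtls") and not self.permit_key_exchange:
            return False  # an SBC that blocks the exchange never latches on it
        if self.latched is None:
            self.latched = src  # lock onto the first accepted stream
        return src == self.latched


def simulate(same_ports: bool) -> List[bool]:
    """Key exchange first, then media from the same or a different port."""
    hole = Pinhole()
    key_src = ("192.0.2.10", 40000)
    media_src = key_src if same_ports else ("192.0.2.10", 40002)
    return [hole.accept(key_src, DTLS_HELLO), hole.accept(media_src, RTP_PACKET)]
```

With `same_ports=False` the key exchange is accepted but the later media is rejected, which is the failure Hans describes.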