
RE: [Sip] SIP Identity using Media Path



> > Yes, I agree that will give the best chance.  Of course, it is
> > always possible for an SBC (or firewall) to block such messages 
> > anyway (as has been discussed on the RTPSEC mailer).
> 
> But that would at least mean that the SBC would have to look 
> inside the media stream to see that not everything in it is 
> (S)RTP, instead of just looking at the source and destination. 

Many SBCs, and some firewalls, include "RTP inspection".  They drop
packets that aren't RTP packets (such as ICE packets, DTLS-SRTP
packets [draft-ietf-avt-dtls-srtp], and RTCP packets
[draft-ietf-avt-rtp-and-rtcp-mux]).

> It may happen, of course, but at least it's less likely. When it does
> appear, it would require an SBC that can recognize the security
> interchange for what it is and allow it to pass even though it isn't
> media. I'm not sure if that can reasonably be done.

Unless or until another solution to providing Identity is proposed,
I think it'll be necessary.  Identity is important so 
that the industry can build reliable and useful whitelists, 
blacklists, and reputation systems -- which are all necessary for 
call routing and mitigating spam.

-d
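
The "RTP inspection" behaviour discussed in this message, as an added example that is not part of the original post: a first-byte classifier for UDP payloads on a media port, run under an RTP-only policy and under a multiplexing-aware one. The byte ranges follow RFC 5764 and RFC 5761 (the published forms of the two drafts cited above); the function names, policy sets and sample packets are constructed for illustration.

```python
import struct

STUN_MAGIC_COOKIE = 0x2112A442  # fixed value at offset 4 of a STUN header

def classify(payload: bytes) -> str:
    """Label a UDP payload arriving on a media port by its leading bytes."""
    if len(payload) < 2:
        return "unknown"
    first, second = payload[0], payload[1]
    if first < 2:  # STUN, as used by ICE connectivity checks
        if len(payload) >= 20 and struct.unpack("!I", payload[4:8])[0] == STUN_MAGIC_COOKIE:
            return "stun"
        return "unknown"
    if 20 <= first <= 63:  # DTLS record content types (DTLS-SRTP key exchange)
        return "dtls"
    if 128 <= first <= 191:  # version bits == 2: RTP or RTCP
        if 192 <= second <= 223:  # RTCP packet types, e.g. 200 = sender report
            return "rtcp"
        return "rtp" if len(payload) >= 12 else "unknown"
    return "unknown"

# Hypothetical middlebox policies: which classes are allowed through.
RTP_ONLY = {"rtp"}                         # the strict inspection described above
MUX_AWARE = {"rtp", "rtcp", "stun", "dtls"}

def dropped(packets, allowed):
    """Return the names of the packets a policy would drop."""
    return [name for name, data in packets if classify(data) not in allowed]

# Constructed sample payloads (headers only, zero-filled bodies).
SAMPLES = [
    ("rtp", bytes([0x80, 0x00]) + bytes(10) + b"\xff" * 20),
    ("rtcp-sr", bytes([0x80, 200, 0x00, 0x06]) + bytes(24)),
    ("stun-binding", struct.pack("!HHI", 0x0001, 0, STUN_MAGIC_COOKIE) + bytes(12)),
    ("dtls-handshake", bytes([22, 0xFE, 0xFF]) + bytes(11)),
    ("garbage", b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    print("RTP-only policy drops: ", dropped(SAMPLES, RTP_ONLY))
    print("mux-aware policy drops:", dropped(SAMPLES, MUX_AWARE))
```

Under the RTP-only policy the ICE, DTLS-SRTP and RTCP packets are dropped along with the garbage; the mux-aware policy drops only the payload that matches none of the protocols.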