[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Sip] SIP Identity using Media Path

To: "'Gilad Shaham'" <gshaham@xxxxxxxxxxx>, "'Hans Persson'" <hasse@xxxxxxxxxx>
Subject: RE: [Sip] SIP Identity using Media Path
From: "Dan Wing" <dwing@xxxxxxxxx>
Date: Thu, 12 Jul 2007 17:44:54 -0700
Authentication-results: sj-dkim-2; header.From=dwing@xxxxxxxxx; dkim=pass (s ig from cisco.com/sjdkim2002 verified; );
Cc: <sip@xxxxxxxx>, <ietf-rtpsec@xxxxxxx>
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1540; t=1184287495; x=1185151495; c=relaxed/simple; s=sjdkim2002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing@xxxxxxxxx; z=From:=20=22Dan=20Wing=22=20<dwing@xxxxxxxxx> |Subject:=20RE=3A=20[Sip]=20SIP=20Identity=20using=20Media=20Path |Sender:=20; bh=XTtAJMrwj/zBqEALLombuA9UqefUjWojjulMNdMiCP4=; b=pO74qz+aKHtkHZH1o2Gwcm6QccxV/lkY6BLy2qS81JM4HjvKAHqxI8tCDBq9cQj/N3yD33zl ObfUW0TyS8xiZ3ZlMO37AqprmxIeHzDInKMs/L6Rp8JCbeLRQ50N0CZA;
In-reply-to: <0E48B768805E4D44A70709C8AE092090BE6E20@xxxxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-rtpsec/mail-archive/>
List-id: <ietf-rtpsec.imc.org>
List-unsubscribe: <mailto:ietf-rtpsec-request@imc.org?body=unsubscribe>
Sender: owner-ietf-rtpsec@xxxxxxxxxxxx
Thread-index: Ace+X1T3kIrHpOPTRcCFDOsCexxANwAARVfAAX019JAAJFqdwA==

> Dan Wing Wrote:
> > > > > Section 4.1, item about Contact:
> > > > >
> > > > > How can the Contact header usefully be used in the
> > > > > signing process? An
> > > > > SBC along the message path will happily replace it.
> > > >
> > > > I have removed that in -01 (which isn't yet published, of
> > > > course).  There
> > > > was some thought it was necessary, but I agree it should be
> > > > removed from the signature.
> > > >
> > > > On a similar note, I am considering removing CallId from
> > > > the signature.
> > > > Oftentimes the Call Id value contains an IP address (in
> > > > dotted decimal
> > > > or hex), and an SBC or B2BUA may also want to rewrite such
> > > > a CallId.  I
> > > > have made a note of that in -01 so this can be discussed.
> > >
> > > I thought about that as well, but apparently I forgot about
> > > adding it to
> > > my mail. I think it would be a good idea to take Call-ID out as
> > > well.
> > 
> > Ok, thanks.
> > 
> 
> I agree with this, but keep in mind that the call-id serves as a nonce
> in RFC 4474. It might require introducing a new header/parameter to be
> the nonce.

Thanks for that reminder.  You're right, and I agree that having the
authentication service add its own nonce is the best way to do it; such
a nonce need only be a random number, as it's already qualified by the
authentication service's domain (and certificate).  Thus, SBCs won't
need to also destroy it.  I'll include that in my working revision
to sip-identity-media.

-d

Prev by Date: FW: [MMUSIC] ICE-TCP issue: DTLS-SRTP over TCP?
Previous by thread: RE: [Sip] SIP Identity using Media Path
Next by thread: FW: IPR Statement RE: draft-wing-sip-identity-media-00.txt
Index(es):
- Date
- Thread