RE: [Sip] SIP Identity using Media Path

["Christer Holmberg (JO/LMF)" <christer.holmberg@xxxxxxxxxxxx>]

Hi, 

>>"in order for the mechanism to work, SBC-type-of-entities must permit 
>>DTLS, TLS, ICE, or HIP messages to be exchanged in the media path."
>> 
>>A small question for clarification: at what point must this exchange 
>>(two-way, I assume) work? As soon as the UAS has received the INVITE?
> 
>Yes.

A little more on this.

As we have discussed before, you may not have two-way connectivity
before 200 OK.

Now assume that you will have two-way connectivity before you have even
sent the SDP answer. I am pretty sure what will not work with most SBCs.

Also, even if you don't have any SBCs, but you still have NATs, the
calling user often needs to send something in order to open the NAT
binding, and allow media plane traffic (including your identity
exchange) from the remote end. If you use ICE, or stand-alone STUN, you
will have an open NAT binding, but if your terminal opens the network
e.g. by sending dummy RTP packets, it will not be able to do so until it
has received the SDP answer.

So, I also think your solution requires support of ICE/STUN, and in the
case of ICE it also requires that the SBCs don't mess up the SDP so that
ICE will not be used.

Regards,

Christer