[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Sip] comments on sip-auth
I have two comments on the sip-auth draft. I apologize if these issues have
already been raised.
Has the idea of qop value for authentication plus header integrity without
including the message body been considered? In situations where the request
must traverse a NATing SIP element which "fixes" the IP addresses and ports
in the SDP to enable the RTP media flows, the only alternative is plain
"auth" and no integrity at all.
Section 7.3 says:
If a stateful proxy receives a 492 and determines that it contains a
single UAS-Authenticate header targeted solely at itself, it MAY
resubmit the request to the UAS with a UAS-Authorization header
containing the credential as a separate branch.
I don't think this is possible because the Cseq number must be increased
(otherwise it will look like a re-transmission or merged request) and the
proxy does not own the CSeq. It would have to be a B2BUA and generate its
own Cseq (and possibly Call-Id).
cheers,
(-:bob
Robert F. Penfield
Chief Software Architect
Acme Packet, Inc.
130 New Boston Street
Woburn, MA 01801
bpenfield@acmepacket.com
_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip