[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sip] RE: Authintification of Responses

To: "'Jesske, R'" <R.Jesske@telekom.de>, sip@ietf.org
Subject: [Sip] RE: Authintification of Responses
From: "Mark Watson" <mwatson@nortelnetworks.com>
Date: Thu, 13 Mar 2003 15:55:33 -0000
Cc: "Alexeitsev, D" <D.Alexeitsev@telekom.de>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/sip>,<mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>,<mailto:sip-request@ietf.org?subject=unsubscribe>
Sender: sip-admin@ietf.org

Title: RE: Authintification of Responses

Roland,

The P-Asserted-Identity can be used in responses.

The extract you quote was intended to mean that the 'identity of the user' was verified by authentication, rather than the 'message' itself being verified by authentication (I guess the 'it' in that extract could be ambiguous). It doesn't say how or when the authentication was carried out.

For example, if a proxy has authenticated a user by some secure means and then later if the same proxy can securely determine that a particular response came from the same user, THEN that proxy can use the result of the initial authentication to insert a P-Asserted-Identity in the later response.

This could be achieved, for example, by use of some kind of integrity protection on the UA-Proxy link.

As to whether you could interwork this P-Asserted-Identity to the Connected Number within the PSTN, this depends on whether the rules of your particular Trust Domain for Asserted Identity (in terms of what it means for a number to be 'trusted') match the rules within the PSTN (potentially the particular national PSTN) for Connected Number.

Certainly it is possible and conceivable for the rules to match - and this would motivate including a protocol mapping within any interworking specification you might happen to be writing - but it should be clear that (as with CLI), whether this mapping takes place in a given situation depends on the policies of the Trust Domains.

...Mark

> -----Original Message-----
> From: Jesske, R [mailto:R.Jesske@telekom.de]
> Sent: 13 March 2003 08:39
> To: sip@ietf.org
> Cc: Watson, Mark [MOP:EP10:EXCH]; Alexeitsev, D
> Subject: Authintification of Responses
>
>
> Dear all,
> RFC 3325 (Private Extensions to the Session Initiation
> Protocol (SIP) for Asserted Identity within Trusted Networks)
> is stating that:
>
> The P-Asserted-Identity header field is used among trusted SIP
> entities (typically intermediaries) to carry the identity of the user
> sending a SIP message as it was verified by authentication.
>
> From my point of view this statement includes that Requests
> and Responses can be verified within the SIP domain. But is
> this possible and described within SIP that a Response will
> be also verified by authenticated if needed?
>
> Background of this question is, if it is possible to
> interwork a P-Asserted-ID in a Response (if this could be to
> a connected number parameter within PSTN. The Connected
> number within PSTN must be a trusted number.
>
>
> Thank You
>
> Best Regards
>
> Roland Jesske
>
>
>
>
> Deutsche Telekom AG
> T Com Zentrale
> Roland Jesske, T38-12
> Section T38; Signalling, Gateways and Switching Systems
> Am Kavalleriesand 3, 64295 Darmstadt, Germany
> Phone: +49 6151 83-5940
> Fax: +49 6151 83-4577
> <mailto:r.jesske@telekom.de>
>
>
>
>

Prev by Date: [Sip] Authenticating with LDAP
Next by Date: RE: [Sip] Authintification of Responses
Previous by thread: [Sip] Authenticating with LDAP
Next by thread: [Sip] changes in caller prefs
Index(es):
- Date
- Thread