
[SIP] Hierarchical Registration



Hello All,
 
I'm new to SIP and I have a question about registration procedures, especially the Hierarchical Registration described in Schulzrinne's article "Application-Layer Mobility Using SIP".
 
Suppose this scenario: there are 2 domains (Visited Network and Home Network) and there is a SIP registrar proxy in each domain.

1) A user in the visited network wants to register himself at his home network. The UAC sends a REGISTER message; in this message the Contact header is set to the current IP address of the UAC. The message has a digital signature in order to provide integrity and authentication; this digital signature includes the following headers: To, From, Contact, Date, CSeq, Call-ID.

2) Suppose we implement the hierarchical registration as described in some of Schulzrinne's articles: when the SIP outbound proxy in the visited domain receives this message, it has to change the Contact header, putting its own address in it, before forwarding the REGISTER message to the user's home network. This is done so that the proxy in the visited network receives and can inspect all incoming messages for the visiting user. But if the Contact header is changed, the digital signature is compromised.

The UAC should know the "correct" Contact value before doing the digital signature in his REGISTER messages.

How can the proxy "inform" the UAC about this "correct" value? Is there an existing mechanism? Is it possible to do it with 4xx messages?
 
Note: the UAC signs his messages with his private key; the visited proxy does not know this key.

I was supposing that this would be a possible solution (see the attached Scenario.txt):

The Visited Proxy, in the "4xx Contact Not Acceptable" response, notifies the UAC of the correct value to put in the Contact header, and in the subsequent REGISTER message the UAC fills the header with this new value. The Visited Registrar does not need to make any changes to the REGISTER message, so the digital signature is still valid.

Would this solution be possible, or are there other mechanisms?

Thank you very much for your help.
Roby.
UAC                                        Visited Registrar                            Home Registrar
   |               REGISTER                       |                                          |
   |--------------------------------------------->|                                          |
   |                                              |                                          |
   |      4xx Contact Address Not Acceptable      |                                          |
   |<---------------------------------------------|                                          |
   |                                              |                                          |
   |     REGISTER (with new Contact)              |                                          |
   |--------------------------------------------->|                                          |
   |                                              |                  REGISTER                |
   |                                              |----------------------------------------->|
   |                                              |                                          |
   |                                              |                200 OK                    |
   |                                              |<-----------------------------------------|
   |                200 OK                        |                                          |
   |<---------------------------------------------|                                          |
   |                                              |                                          |
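
The following sketch is an added example, not part of the original post: it models the signature over the six listed headers and shows that the Contact rewrite in step 2 fails verification at the home registrar, while the 4xx-then-retry flow in the diagram verifies. Assumptions: HMAC-SHA256 with a key the visited proxy does not hold stands in for the UAC's private-key signature, and all addresses, header values and function names are constructed for illustration.

```python
import hashlib
import hmac

# Headers the post says the signature covers.
SIGNED_HEADERS = ("To", "From", "Contact", "Date", "CSeq", "Call-ID")
# Constructed values; the HMAC key stands in for the UAC's private key.
UAC_KEY = b"constructed-uac-secret"
PROXY_CONTACT = "<sip:roby@proxy.visited.example>"

def sign(headers, key=UAC_KEY):
    """Tag over the signed headers in fixed order, one 'Name: value' per line."""
    data = "\r\n".join(f"{h}: {headers[h]}" for h in SIGNED_HEADERS).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def home_verify(msg):
    """Home registrar: recompute the tag and compare in constant time."""
    return hmac.compare_digest(sign(msg["headers"]), msg["sig"])

def uac_register(contact, cseq):
    """UAC: build a REGISTER with the given Contact and sign it."""
    headers = {
        "To": "<sip:roby@home.example>",
        "From": "<sip:roby@home.example>",
        "Contact": contact,
        "Date": "Thu, 01 Jan 2004 12:00:00 GMT",
        "CSeq": f"{cseq} REGISTER",
        "Call-ID": "constructed-call-id@192.0.2.10",
    }
    return {"headers": headers, "sig": sign(headers)}

def proxy_rewrite(msg):
    """Step 2 of the post: the visited proxy replaces Contact and forwards."""
    return {"headers": dict(msg["headers"], Contact=PROXY_CONTACT), "sig": msg["sig"]}

def proxy_negotiate(msg):
    """Proposed flow: reject with the acceptable Contact, or forward unmodified."""
    if msg["headers"]["Contact"] != PROXY_CONTACT:
        return ("4xx", PROXY_CONTACT)
    return ("forward", msg)

def run_proposed_flow():
    """Diagram flow: REGISTER, 4xx, REGISTER with new Contact, verify at home."""
    first = uac_register("<sip:roby@192.0.2.10>", 1)
    _, contact = proxy_negotiate(first)
    _, forwarded = proxy_negotiate(uac_register(contact, 2))
    return home_verify(forwarded)
```
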