[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] namespaces in RFC 4411, 4412 and draft-ietf-sip-rph-new-namespaces-00

To: Dale.Worley at comcast.net
Subject: Re: [Sip] namespaces in RFC 4411, 4412 and draft-ietf-sip-rph-new-namespaces-00
From: Paul Kyzivat <pkyzivat at cisco.com>
Date: Tue, 06 Nov 2007 17:34:30 -0500
Authentication-results: sj-dkim-1; header.From=pkyzivat@cisco.com; dkim=pass ( sig from cisco.com/sjdkim1004 verified; );
Cc: sip at ietf.org
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1322; t=1194388480; x=1195252480; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=pkyzivat@cisco.com; z=From:=20Paul=20Kyzivat=20<pkyzivat@cisco.com> |Subject:=20Re=3A=20[Sip]=20namespaces=20in=20RFC=204411, =094412=20and=09 draft-ietf-sip-rph-new-namespaces-00 |Sender:=20; bh=+KbU2xM95KZ48ZyICeEwHITH0S4hyFSfNwU/mZVKhK0=; b=W/rGI0fiolGQcLxEAhFd99MOY14alCaE8OYZtgMc6vrn5x2ZVJF5hof/shQmKcu9SWUvL9y0 zDuMIJX3/HLQUdS+rmwfDLVWxA5ORdKfYkZfDeYZIPX2+0sX3DGErajLHxm5JoC0ZUuFv3f76F IWA/C4oOBBSIL1A1aa0sZewHU=;
In-reply-to: <200711062220.lA6MKcDY032532@dragon.ariadne.com>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
References: <OFFC5712C2.6A97CD45-ON8525738A.007A66F2-8525738A.007B51F4@csc.com> <200711062220.lA6MKcDY032532@dragon.ariadne.com>
User-agent: Thunderbird 2.0.0.6 (Windows/20070728)

Dale.Worley at comcast.net wrote:

   From: Janet P Gunn <jgunn6 at csc.com>

   Your suggested behavior would seem to violate this.

That's true.  But I think the RFC-compliant behavior doesn't take into
account how the incoming request validates that it is authorized to
use the priority it has claimed.  The practical result is that
whenever a request crosses a trust boundary, the network operator of
the network being entered is going to remove any priority request.

I expect that the rules of the RFC will be followed by any elements
inside a *network*.  But I expect network ingress/egress elements to
violate it by default.

If the header is truly only a *request*, with no implication of asserted authorization, then there is no reason to remove it.

BUT, unless you can authenticate the sender of the request and authorize them to receive the priority they have requested, then there is little likelihood that it will be granted.

So the key issue is how authorization is determined. If this is a closed military network then I imagine they will have some kind of transitive trust that will support this.

But if the goal here is for emergency service workers to obtain priority over all sorts of networks, then I can't imagine how it can work.

	Paul


_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip

References:
- Re: [Sip] namespaces in RFC 4411, 4412 and draft-ietf-sip-rph-new-namespaces-00
  - From: Janet P Gunn
- Re: [Sip] namespaces in RFC 4411, 4412 and draft-ietf-sip-rph-new-namespaces-00
  - From: Dale . Worley

Prev by Date: Re: [Sip] namespaces in RFC 4411, 4412 and draft-ietf-sip-rph-new-namespaces-00
Next by Date: RE: [Sip] media-security-requirements and lawful intercept
Previous by thread: Re: [Sip] namespaces in RFC 4411, 4412 and draft-ietf-sip-rph-new-namespaces-00
Next by thread: [Sip] RE: Review of draft-ietf-sip-media-security-requirements-00
Index(es):
- Date
- Thread