[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] Signing P-Asserted-Identity

To: Michael Thomas <mat at cisco.com>
Subject: Re: [Sip] Signing P-Asserted-Identity
From: Dan York <dyork at voxeo.com>
Date: Tue, 8 Jul 2008 15:58:22 -0400
Cc: "sip at ietf.org" <sip at ietf.org>
Delivered-to: ietfarch-sip-web-archive at core3.amsl.com
Delivered-to: sip at core3.amsl.com
In-reply-to: <4873C037.5050203@cisco.com>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
References: <E6C2E8958BA59A4FB960963D475F7AC30EEDF3C361@mail.acmepacket.com> <4873B3C5.4020202@cisco.com> <E6C2E8958BA59A4FB960963D475F7AC30EEDF3CD21@mail.acmepacket.com> <4873C037.5050203@cisco.com>
Sender: sip-bounces at ietf.org

Mike,

On Jul 8, 2008, at 3:29 PM, Michael Thomas wrote:

Indeed, DKIM has the same constraint as well.  What I'm not entirely
getting is why 4474 isn't sufficient for the overall goal.


See:

http://tools.ietf.org/rfcmarkup?doc=draft-elwell-sip-e2e-identity-important-00
http://tools.ietf.org/id/draft-kaplan-sip-uris-change-00.txt

They explain where RFC 4474 breaks in actual implementations. (Thekey point being that devices in the network like SBCs change headersthat are part of the 4474 Identity signature, thus invalidating the4474 identity.)


Regards,
Dan

--
Dan York, CISSP, Director of Emerging Communication Technology
Office of the CTO    Voxeo Corporation     dyork at voxeo.com
Phone: +1-407-455-5859  Skype: danyork  http://www.voxeo.com
Blogs: http://blogs.voxeo.com  http://www.disruptivetelephony.com

Build voice applications based on open standards.
Find out how at http://www.voxeo.com/free





_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip

References:
- [Sip] Signing P-Asserted-Identity
  - From: Hadriel Kaplan
- Re: [Sip] Signing P-Asserted-Identity
  - From: Michael Thomas
- Re: [Sip] Signing P-Asserted-Identity
  - From: Hadriel Kaplan
- Re: [Sip] Signing P-Asserted-Identity
  - From: Michael Thomas

Prev by Date: Re: [Sip] Signing P-Asserted-Identity
Next by Date: Re: [Sip] Signing P-Asserted-Identity
Previous by thread: Re: [Sip] Signing P-Asserted-Identity
Next by thread: Re: [Sip] Signing P-Asserted-Identity
Index(es):
- Date
- Thread