[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] Comment on DERIVE and B2BUAs

To: "Dean Willis" <dean.willis at softarmor.com>
Subject: Re: [Sip] Comment on DERIVE and B2BUAs
From: "Nasir Khan" <nkhan.sip at gmail.com>
Date: Tue, 28 Oct 2008 18:39:29 -0400
Cc: sip at ietf.org, "Elwell, John" <john.elwell at siemens.com>
Delivered-to: ietfarch-sip-archive at core3.amsl.com
Delivered-to: sip at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type:references; bh=wD/dq1zf1lI87h9H64eGtQBrDvog2hnhUeF9ah7Sz4c=; b=Y5Wspvpq8BmfICQRXAsYExL7MvsEgcUDUJSkImWqizgChcASgWxzOGvbz9Yzu9Ivff 35TtX2HyA6nzPD/cjR6JBQ7dDTR480m17mfXLxyqnk8wwyzd2oSWUjeAesZ6+B1gpFIL 7PUais1g0q0m+LjHZYdAtOP2iQFvU/5ytMl70=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:references; b=SlX/Few5q+ABC3HjE9eYVFUrdQf2FhIFYfNw66QKYPvw/iciWxgYREmMKiORaGZ96z y4OgsfDeac9X5m63pMGJpwVYzskRAEbxkNaU4ZNzLYz6mfARf/G90iqRFZ+66Eqrxd/Z s/7J0sAdssGMjSwYV/HPNnhGZJj1hSz+6F97k=
In-reply-to: <490793BF.10702 at softarmor.com>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
References: <618e24240810250809j664bf47ay2745cc9fbf7b0565 at mail.gmail.com> <0D5F89FAC29E2C41B98A6A762007F5D001382923 at GBNTHT12009MSX.gb002.siemens.net> <cc1f582e0810281052y34f5bf88h300c6f59d84879fe at mail.gmail.com> <0D5F89FAC29E2C41B98A6A762007F5D00138295A at GBNTHT12009MSX.gb002.siemens.net> <490793BF.10702 at softarmor.com>
Sender: sip-bounces at ietf.org

Yes, obviously RFC 4474s mechanisms end at a B2BUA because the B2BUA effectively starts a new call (from the UAC side).

In fact the B2BUA cannot even provide a new Identity header if the From header remains unchanged because the Contact would typically be specific to the B2BUA and the private key for senders domain is unknown to this B2BUA.

It however is not as bad as it sounds because typically B2BUAs (SBCs in particular) would be within the final UASs trust domain.

Nasir

--
Get the most comprehensive open source SIP testing framework at http://sipper.agnity.com

--

On Tue, Oct 28, 2008 at 6:35 PM, Dean Willis <dean.willis at softarmor.com> wrote:

Elwell, John wrote:

>
> IBC said:
>> Since the B2BUA has detailed info of both legs A and B, it is
>> capable of doing needed changes, as replacing call-id and to-tag in
>> Event header. Also, the B2BUA could handle the SUBSCRIBE by its
>> own, this is, becoming a dialog presence server instead of
>> forwarding the SUBSCRIBE to the UA. B2BUA must handle all this
>> stuff since they are, in fact, the end point, not the UA's behind
>> them.
>
> [JRE] This reduces it to transitive trust, i.e., no better than
> P-Asserted-Identity. The UA that receives the INVITE request has to
> trust its local B2BUA to confirm that the INVITE request really did
> come from the wherever it claimed to have come from.
>
>

Since the INVITE is coming from the SBC (even though the SBC was
influenced by something else to get it to send the INVITE), I don't see
a problem with this.

Otherwise said, SBCs are always transitive trust unless we have
end-to-end crypto, in which case we don't really have SBCs.

So?

--
Dean

_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip

--
Get the most comprehensive open source SIP testing framework at http://sipper.agnity.com

_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip

Follow-Ups:
- Re: [Sip] Comment on DERIVE and B2BUAs
  - From: Victor Grinberg

References:
- [Sip] submission of a new I-D: "Dialog Event foR Identity VErification"
  - From: Victor Pascual Ávila
- [Sip] Comment on DERIVE and B2BUAs
  - From: Elwell, John
- Re: [Sip] Comment on DERIVE and B2BUAs
  - From: Iñaki Baz Castillo
- Re: [Sip] Comment on DERIVE and B2BUAs
  - From: Elwell, John
- Re: [Sip] Comment on DERIVE and B2BUAs
  - From: Dean Willis

Prev by Date: Re: [Sip] Comment on DERIVE and B2BUAs
Next by Date: Re: [Sip] Comment on DERIVE and B2BUAs
Previous by thread: Re: [Sip] Comment on DERIVE and B2BUAs
Next by thread: Re: [Sip] Comment on DERIVE and B2BUAs
Index(es):
- Date
- Thread