[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] submission of a new I-D: "Dialog Event foR IdentityVErification"

To: <Dale.Worley at comcast.net>, <sip at ietf.org>
Subject: Re: [Sip] submission of a new I-D: "Dialog Event foR IdentityVErification"
From: "Dan Wing" <dwing at cisco.com>
Date: Tue, 28 Oct 2008 20:52:02 -0700
Authentication-results: sj-dkim-1; header.From=dwing at cisco.com; dkim=pass ( sig from cisco.com/sjdkim1004 verified; );
Delivered-to: ietfarch-sip-web-archive at core3.amsl.com
Delivered-to: sip at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; l=954; t=1225252324; x=1226116324; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing at cisco.com; z=From:=20=22Dan=20Wing=22=20<dwing at cisco.com> |Subject:=20RE=3A=20[Sip]=20submission=20of=20a=20new=20I-D =3A=20=22Dialog=20Event=20foR=20IdentityVErification=22 |Sender:=20; bh=papDMMy/OCAzGNn8vHk+TGmBdH0ZNYY7sFShcRfD6ps=; b=HCo7+bUVI2x1U10z9BsRh5bIBy6zdq7TgQGAnaTQgnZwL0Ymyho8mEtFha FXuh4YDCQ56NNSPtyjEqd4Q0pMv5xdmHMYJH0JACw5+oITxLS8ZatJGu3nuO b2L9gU8bITZ8Muj78v5IDNll1+dZqW3GTdfhB98mPOLz9EYBVKga4=;
In-reply-to: <200810290236.m9T2akDN55854559 at shell01.TheWorld.com>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
References: <618e24240810250809j664bf47ay2745cc9fbf7b0565 at mail.gmail.com><D38ED479-3722-438A-83B8-F023E02B58A3 at softarmor.com> <200810290236.m9T2akDN55854559 at shell01.TheWorld.com>
Sender: sip-bounces at ietf.org
Thread-index: Ack5b20FZ3GeTM5zTlGiZA+VDSiCrQACXFxw

> With SIP, you don't know that the originating UAS has the same name as
> it is claiming to have, because you got the SIP message from some
> nearby proxy.  DERIVE is more like doing a reverse DNS lookup to see
> if the originating host has the name that it claims to have.

Yeah, that's walking the DNS tree.  It is valuable; heck, IETF's own
mailservers are doing it to reduce spam so it Must Be Good!  :-)

DERIVE is checking to see if your SIP routing takes you to the
same place that (claims to) be originating the incoming INVITE.  
It is using your *outgoing* SIP routing -- which you must already 
trust to send outbound messages -- to test the validity of the
(proported) From: address of an incoming INVITE.


Such a return routability check is probably the best SIP can do in the
presence of SBCs and the inability to get
draft-fischer-sip-e2e-sec-media-01.txt or draft-wing-sip-identity-media-03.txt
off the ground.

-d

_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip

Follow-Ups:
- Re: [Sip] submission of a new I-D: "Dialog Event foR IdentityVErification"
  - From: Victor Pascual Ávila
- Re: [Sip] submission of a new I-D: "Dialog Event foR IdentityVErification"
  - From: Henry Sinnreich

References:
- [Sip] submission of a new I-D: "Dialog Event foR Identity VErification"
  - From: Victor Pascual Ávila
- Re: [Sip] submission of a new I-D: "Dialog Event foR Identity VErification"
  - From: Dean Willis
- Re: [Sip] submission of a new I-D: "Dialog Event foR Identity VErification"
  - From: Dale . Worley

Prev by Date: Re: [Sip] submission of a new I-D: "Dialog Event foRIdentityVErification"
Next by Date: Re: [Sip] Comment on DERIVE and B2BUAs
Previous by thread: Re: [Sip] submission of a new I-D: "Dialog Event foR Identity VErification"
Next by thread: Re: [Sip] submission of a new I-D: "Dialog Event foR IdentityVErification"
Index(es):
- Date
- Thread