[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sip] Comment on DERIVE and B2BUAs
> -----Original Message-----
> From: Dean Willis [mailto:dean.willis at softarmor.com]
> Sent: 28 October 2008 22:36
> To: Elwell, John
> Cc: Iñaki Baz Castillo; sip at ietf.org
> Subject: Re: [Sip] Comment on DERIVE and B2BUAs
>
> Elwell, John wrote:
> >
> > IBC said:
> >> Since the B2BUA has detailed info of both legs A and B, it is
> >> capable of doing needed changes, as replacing call-id and to-tag in
> >> Event header. Also, the B2BUA could handle the SUBSCRIBE by its
> >> own, this is, becoming a dialog presence server instead of
> >> forwarding the SUBSCRIBE to the UA. B2BUA must handle all this
> >> stuff since they are, in fact, the end point, not the UA's behind
> >> them.
> >
> > [JRE] This reduces it to transitive trust, i.e., no better than
> > P-Asserted-Identity. The UA that receives the INVITE request has to
> > trust its local B2BUA to confirm that the INVITE request really did
> > come from the wherever it claimed to have come from.
> >
> >
>
> Since the INVITE is coming from the SBC (even though the SBC was
> influenced by something else to get it to send the INVITE), I
> don't see
> a problem with this.
>
> Otherwise said, SBCs are always transitive trusFrom sip-bounces at ietf.org Tue Oct 28 23:32:32 2008
Return-Path: <sip-bounces at ietf.org>
X-Original-To: sip-archive at optimus.ietf.org
Delivered-To: ietfarch-sip-archive at core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1])
by core3.amsl.com (Postfix) with ESMTP id 857643A6CCC;
Tue, 28 Oct 2008 23:32:32 -0700 (PDT)
X-Original-To: sip at core3.amsl.com
Delivered-To: sip at core3.amsl.com
Received: from localhost (localhost [127.0.0.1])
by core3.amsl.com (Postfix) with ESMTP id A75F63A6CB4
for <sip at core3.amsl.com>; Tue, 28 Oct 2008 23:32:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.931
X-Spam-Level:
X-Spam-Status: No, score=-1.931 tagged_above=-999 required=5 tests=[AWL=0.668,
BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32])
by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id tvU5OoJ2mjAQ for <sip at core3.amsl.com>;
Tue, 28 Oct 2008 23:32:31 -0700 (PDT)
Received: from mailgate.siemenscomms.co.uk (mailgate.siemenscomms.co.uk
[195.171.110.225])
by core3.amsl.com (Postfix) with ESMTP id A7FEB3A6CD4
for <sip at ietf.org>; Tue, 28 Oct 2008 23:31:21 -0700 (PDT)
Received: from GBNTHT12009MSX.gb002.siemens.net ([137.223.219.235])
by siemenscomms.co.uk (PMDF V6.3-x14 #31430)
with ESMTP id <0K9H005BUM481X at siemenscomms.co.uk> for sip at ietf.org; Wed,
29 Oct 2008 06:31:20 +0000 (GMT)
Date: Wed, 29 Oct 2008 06:31:18 +0000
From: "Elwell, John" <john.elwell at siemens.com>
In-reply-to: <490793BF.10702 at softarmor.com>
To: Dean Willis <dean.willis at softarmor.com>
Message-id: <0D5F89FAC29E2C41B98A6A762007F5D001382975 at GBNTHT12009MSX.gb002.siemens.net>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft Exchange V6.5
Thread-Topic: [Sip] Comment on DERIVE and B2BUAs
Thread-Index: Ack5TYw7YUWdxdBmSHO4RH2/xs6VjQAQlB3A
Content-class: urn:content-classes:message
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
References: <618e24240810250809j664bf47ay2745cc9fbf7b0565 at mail.gmail.com>
<0D5F89FAC29E2C41B98A6A762007F5D001382923 at GBNTHT12009MSX.gb002.siemens.net>
<cc1f582e0810281052y34f5bf88h300c6f59d84879fe at mail.gmail.com>
<0D5F89FAC29E2C41B98A6A762007F5D00138295A at GBNTHT12009MSX.gb002.siemens.net>
<490793BF.10702 at softarmor.com>
Cc: sip at ietf.org
Subject: Re: [Sip] Comment on DERIVE and B2BUAs
X-BeenThere: sip at ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>,
<mailto:sip-request at ietf.org?subject=unsubscribe>
List-Post: <mailto:sip at ietf.org>
List-Help: <mailto:sip-request at ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sip>,
<mailto:sip-request at ietf.org?subject=subscribe>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: sip-bounces at ietf.org
Errors-To: sip-bounces at ietf.org
> -----Original Message-----
> From: Dean Willis [mailto:dean.willis at softarmor.com]
> Sent: 28 October 2008 22:36
> To: Elwell, John
> Cc: Iñaki Baz Castillo; sip at ietf.org
> Subject: Re: [Sip] Comment on DERIVE and B2BUAs
>
> Elwell, John wrote:
> >
> > IBC said:
> >> Since the B2BUA has detailed info of both legs A and B, it is
> >> capable of doing needed changes, as replacing call-id and to-tag in
> >> Event header. Also, the B2BUA could handle the SUBSCRIBE by its
> >> own, this is, becoming a dialog presence server instead of
> >> forwarding the SUBSCRIBE to the UA. B2BUA must handle all this
> >> stuff since they are, in fact, the end point, not the UA's behind
> >> them.
> >
> > [JRE] This reduces it to transitive trust, i.e., no better than
> > P-Asserted-Identity. The UA that receives the INVITE request has to
> > trust its local B2BUA to confirm that the INVITE request really did
> > come from the wherever it claimed to have come from.
> >
> >
>
> Since the INVITE is coming from the SBC (even though the SBC was
> influenced by something else to get it to send the INVITE), I
> don't see
> a problem with this.
>
> Otherwise said, SBCs are always transitive trust unless we have
> end-to-end crypto, in which case we don't really have SBCs.
[JRE] So we need to find a way of making e2e crypto work through SBCs.
John
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip
t unless we have
> end-to-end crypto, in which case we don't really have SBCs.
[JRE] So we need to find a way of making e2e crypto work through SBCs.
John
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip