On Oct 31, 2008, at 8:03 AM, Iñaki Baz Castillo wrote:
2008/10/31 Michael Procter <michael at voip.co.uk>:Shall DERIVE be extended to support non-INVITE requests (e.g. MESSAGE)I'm not sure it can. RFC4235 is defined for INVITE-initiated dialogusages only. Yes, it could be extended, but I'm not convinced that isnecessarily the best way forward from here!Also note that MESSAGE doesn't establish a dialog, it just an independent transaction.
So we're asking "Is this from you" rather than "Did you initiate this dialog"?
It still seems like it might be a useful thing to know. Of course, this argues that 42325 may be the wrong basis.
Now, if we'd just made SIP work with opposing pairs of two-way transactions for everything, instead of singular two and three-way transactions, we could build confirmation options into everything. But we didn't.
Now, from a security perspective: Who's done the analysis on whether DERIVE introduces new attack opportunities?
For example, is there a DOS opportunity in using the home proxy as a message-exploder for source-forged SUBSCRIBE requests? Seems like thre might be a problem there . . .
-- Dean _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implementors at cs.columbia.edu for questions on current sip Use sipping at ietf.org for new developments on the application of sip