[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] FW: I-D Action:draft-kaplan-sip-session-id-00.txt

To: Paul Kyzivat <pkyzivat at cisco.com>, "Dale.Worley at comcast.net" <Dale.Worley at comcast.net>
Subject: Re: [Sip] FW: I-D Action:draft-kaplan-sip-session-id-00.txt
From: Hadriel Kaplan <HKaplan at acmepacket.com>
Date: Thu, 20 Nov 2008 09:38:42 -0500
Accept-language: en-US
Acceptlanguage: en-US
Cc: "sip at ietf.org" <sip at ietf.org>
Delivered-to: ietfarch-sip-web-archive at core3.amsl.com
Delivered-to: sip at core3.amsl.com
In-reply-to: <4924C3E4.40304 at cisco.com>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
References: <E6C2E8958BA59A4FB960963D475F7AC3136C7E982E at mail> <200811200121.mAK1L68w70382772 at shell01.TheWorld.com> <4924C3E4.40304 at cisco.com>
Sender: sip-bounces at ietf.org
Thread-index: AclKszv+w2EcUb1cRMKQtUepNYw9AAAI92RQ
Thread-topic: [Sip] FW: I-D Action:draft-kaplan-sip-session-id-00.txt

> -----Original Message-----
> From: sip-bounces at ietf.org [mailto:sip-bounces at ietf.org] On Behalf Of Paul
> Kyzivat
>
> Dale.Worley at comcast.net wrote:
> > In regard to adding a Session-Id to requests are not given one by the
> > UAC:
> >
>
> Specifically, *subsequent* requests in the same dialog won't carry the
> same value, at least until the node that inserted the value is reached,
> if it is reached. And even then the same value won't be inserted unless
> the inserting node is dialog stateful. That argues for only having
> dialog stateful elements insert the header.

Although the draft mentions a UUID as one option, it leaves the mechanism to be decided.  One thing we could do instead of UUID, for example, would be to make it a hash of the received call-id and local system/node ID and MAC or some such.  In other words take some non-volatile system data munged with the call-id, and hash it to get the 128 bits of output for the Session-ID header value.  That way a stateless proxy can re-generate the same value again for upstream and downstream requests and responses, without it compromising or being re-create-able just from the call-id value and giving a reason for folks to remove it.
But I'll have to ask some security folks about that.

-hadriel
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip

Follow-Ups:
- Re: [Sip] FW: I-D Action:draft-kaplan-sip-session-id-00.txt
  - From: Dale . Worley
- Re: [Sip] FW: I-D Action:draft-kaplan-sip-session-id-00.txt
  - From: Paul Kyzivat

References:
- [Sip] FW: I-D Action:draft-kaplan-sip-session-id-00.txt
  - From: Hadriel Kaplan
- Re: [Sip] FW: I-D Action:draft-kaplan-sip-session-id-00.txt
  - From: Dale . Worley
- Re: [Sip] FW: I-D Action:draft-kaplan-sip-session-id-00.txt
  - From: Paul Kyzivat

Prev by Date: [Sip] I-D ACTION:draft-ietf-sip-location-conveyance-12.txt
Next by Date: [Sip] Review of draft-kuthan-sip-derive-00
Previous by thread: Re: [Sip] FW: I-D Action:draft-kaplan-sip-session-id-00.txt
Next by thread: Re: [Sip] FW: I-D Action:draft-kaplan-sip-session-id-00.txt
Index(es):
- Date
- Thread