[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] Alternative SIP Identity Approach (was re: Thoughts on SIP Identity)

To: Dan Wing <dwing at cisco.com>, 'Cullen Jennings' <fluffy at cisco.com>, 'Adam Roach' <adam at nostrum.com>
Subject: Re: [Sip] Alternative SIP Identity Approach (was re: Thoughts on SIP Identity)
From: "Uzelac, Adam" <Adam.Uzelac at globalcrossing.com>
Date: Wed, 6 Aug 2008 14:17:39 -0400
Accept-language: en-US
Acceptlanguage: en-US
Cc: 'SIP IETF' <sip at ietf.org>, 'Dean Willis' <dean.willis at softarmor.com>
Delivered-to: ietfarch-sip-web-archive at core3.amsl.com
Delivered-to: sip at core3.amsl.com
In-reply-to: <02f901c8f7e1$a8e2d780$c2f0200a@cisco.com>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
References: <0D5F89FAC29E2C41B98A6A762007F5D0F266CD@GBNTHT12009MSX.gb002.siemens.net> <02829328-7B0E-41AB-B325-01246363D09C@cisco.com> <4DAE5E60BA49D8419D7C8832503F5FFC072817AF26@EVS10.ams.gblxint.com> <FE11649F-C3C2-494F-8C40-569E83E91B80@softarmor.com> <0D5F89FAC29E2C41B98A6A762007F5D0F26D3A@GBNTHT12009MSX.gb002.siemens.net> <4DAE5E60BA49D8419D7C8832503F5FFC072817B5A6@EVS10.ams.gblxint.com><06BFFD03-B8FC-47FC-8659-43BF4B60A3B6@softarmor.com> <4891BAA4.7040305@nostrum.com> <0af101c8f312$c6638170$3675150a@cisco.com> <4891C350.1030504@nostrum.com> <0b0801c8f315$31cb02b0$3675150a@cisco.com> <4891CC9B.4010507@nostrum.com> <D0F7A190-2098-4858-8FD5-55C385D611C7@cisco.com> <02f901c8f7e1$a8e2d780$c2f0200a@cisco.com>
Sender: sip-bounces at ietf.org
Thread-index: Acj3y8jW87uJNoXDTzaLxzToRrIa/AAFc+GwAANObKA=
Thread-topic: [Sip] Alternative SIP Identity Approach (was re: Thoughts on SIP Identity)

> I would like to accomplish end-to-end identity through SBCs, rather
> than hop-by-hop identity that exists with today's RFC4474 through SBCs.
>
> -d

I agree with Dan here that end-to-end identity through SBCs should be the main driver. A world exists today where intermediaries are modifying signed information, and such modifications breaks RFC 4474 signatures. I understand that omitting elements that are signed leaves security gaps, but the reality is that these modifications are being done for reasons that are valid for all parties involved, mainly to complete the call.  Without permitting these changes to occur only ensure that 4474 will not enjoy mass adoption.

Adam

_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip

References:
- [Sip] Thoughts on SIP Identity issues
  - From: Elwell, John
- Re: [Sip] Thoughts on SIP Identity issues
  - From: Cullen Jennings
- Re: [Sip] Thoughts on SIP Identity issues
  - From: Uzelac, Adam
- Re: [Sip] Thoughts on SIP Identity issues
  - From: Dean Willis
- Re: [Sip] Thoughts on SIP Identity issues
  - From: Elwell, John
- Re: [Sip] Thoughts on SIP Identity issues
  - From: Uzelac, Adam
- [Sip] Alternative SIP Identity Approach (was re: Thoughts on SIP Identity)
  - From: Dean Willis
- Re: [Sip] Alternative SIP Identity Approach (was re: Thoughts on SIP Identity)
  - From: Adam Roach
- Re: [Sip] Alternative SIP Identity Approach (was re: Thoughts on SIP Identity)
  - From: Dan Wing
- Re: [Sip] Alternative SIP Identity Approach (was re: Thoughts on SIP Identity)
  - From: Adam Roach
- Re: [Sip] Alternative SIP Identity Approach (was re: Thoughts on SIP Identity)
  - From: Dan Wing
- Re: [Sip] Alternative SIP Identity Approach (was re: Thoughts on SIP Identity)
  - From: Adam Roach
- Re: [Sip] Alternative SIP Identity Approach (was re: Thoughts on SIP Identity)
  - From: Cullen Jennings
- Re: [Sip] Alternative SIP Identity Approach (was re: Thoughts on SIP Identity)
  - From: Dan Wing

Prev by Date: Re: [Sip] Multiple early-dialog usages [was RE: Comments on draft-ietf-sip-199-00.txt]
Next by Date: Re: [Sip] Inadequate Requirements for draft-ietf-sip-199-00
Previous by thread: Re: [Sip] Alternative SIP Identity Approach (was re: Thoughts on SIP Identity)
Next by thread: Re: [Sip] Alternative SIP Identity Approach (was re: Thoughts on SIP Identity)
Index(es):
- Date
- Thread