Re: [P2PSIP] HBH vs. E2E SIP in P2PSIP

Dean Willis <dean.willis@softarmor.com> Sat, 14 July 2007 19:04 UTC

In-Reply-To: <4697F367.6000809@cisco.com>
References: <4697F367.6000809@cisco.com>
Message-Id: <BA5E17DA-32BF-4E5F-823B-1637BFFE6B44@softarmor.com>
From: Dean Willis <dean.willis@softarmor.com>
Subject: Re: [P2PSIP] HBH vs. E2E SIP in P2PSIP
Date: Sat, 14 Jul 2007 14:03:50 -0500
To: Jonathan Rosenberg <jdrosen@cisco.com>
Cc: P2PSIP WG <p2psip@ietf.org>

On Jul 13, 2007, at 4:49 PM, Jonathan Rosenberg wrote:

> draft-bryan-p2psip-requirements-00 talks about how SIP relates to
> the P2P protocol. It says:
>
>> The above discussion suggests at least two paradigms for SIP
>> operation in a p2p setting: the end-to-end paradigm where a SIP
>> user agent uses the p2p location service to discover the
>> location of the callee, and then sends the SIP message directly to
>> the callee, or a hop-by-hop paradigm where each peer forwards
>> the SIP request to a peer which is closer to the callee.
>> The former can be thought of as an RPC whereas the latter can be
>> thought of as a local procedure call to determine the next hop.
>
> I'd like to propose that, any model which views the peers in the  
> p2p network as proxies (things that add Via headers, follow proxy  
> rules as defined in RFC 3261, and so on), is basically fatally  
> flawed from a security perspective.

Unless the system uses the SIPSEC model, where following an initial  
SIP request the proxies form a cryptotransparent tunnel between UAs.

That's the real reason I've been pushing the SIPSEC draft.

If we have a SIP-based P2P layer where peers act as SIP proxies (as  
in dSIP), then we must have something like SIPSEC to provide for  
secure transport.

If we use something other than SIP, then that "something" must have  
equivalent functionality. We just can't go around handing cleartext  
to peers (even if the peer is a STUN relay instead of a SIP proxy)  
and hoping they don't abuse it.

--
Dean

_______________________________________________
P2PSIP mailing list
P2PSIP@ietf.org
https://www1.ietf.org/mailman/listinfo/p2psip
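Added illustration of the hop-by-hop concern discussed above; this is example code written for this page, not code from the P2PSIP thread, from dSIP, or from the SIPSEC draft. It models an INVITE traversing several peers that behave as RFC 3261 proxies (each prepends a Via and sees the full message) and shows that an integrity tag computed end to end between the two UAs catches a peer that rewrites the SDP to redirect media. The shared key, peer hostnames, addresses and the X-E2E-Tag header name are constructed assumptions, and HMAC-SHA256 is a stand-in for whatever end-to-end protection a real design would negotiate. Note what the tag does not do: every peer on the path still reads the SDP in cleartext, which is exactly the problem the message raises; integrity alone is not the "cryptotransparent tunnel" it calls for.

```python
"""Hop-by-hop SIP proxying with an end-to-end integrity tag (added example)."""
import hashlib
import hmac

# Constructed sample data: a key the two UAs are assumed to share out of band.
E2E_KEY = b"demo-key-shared-by-alice-and-bob"
# Hypothetical header name used only by this example.
TAG_HEADER = "X-E2E-Tag"

SAMPLE_SDP = ("v=0\r\no=alice 1 1 IN IP4 198.51.100.10\r\ns=-\r\n"
              "c=IN IP4 198.51.100.10\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0\r\n")


def parse_sip(raw):
    """Split a SIP message into (start line, [(header, value)], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def serialize_sip(start_line, headers, body):
    return start_line + "\r\n" + "".join(f"{n}: {v}\r\n" for n, v in headers) + "\r\n" + body


def e2e_tag(body):
    """Integrity tag over the body, computed by the caller and checked by the callee only."""
    return hmac.new(E2E_KEY, body.encode(), hashlib.sha256).hexdigest()


def build_invite(sdp):
    headers = [
        ("Via", "SIP/2.0/UDP alice.example.net;branch=z9hG4bK-alice"),
        ("From", "<sip:alice@example.net>;tag=1928"),
        ("To", "<sip:bob@example.net>"),
        ("Call-ID", "a84b4c76e66710"),
        ("CSeq", "1 INVITE"),
        ("Content-Type", "application/sdp"),
        ("Content-Length", str(len(sdp))),
        (TAG_HEADER, e2e_tag(sdp)),
    ]
    return serialize_sip("INVITE sip:bob@example.net SIP/2.0", headers, sdp)


def proxy_forward(raw, peer_host, rewrite=None):
    """Behave as an RFC 3261 proxy: prepend a Via; a dishonest peer may also rewrite the body."""
    start, headers, body = parse_sip(raw)
    headers.insert(0, ("Via", f"SIP/2.0/UDP {peer_host};branch=z9hG4bK-{peer_host}"))
    if rewrite is not None:
        body = rewrite(body)
        # Keep Content-Length consistent so the tampering is invisible at the SIP layer.
        headers = [(n, str(len(body)) if n == "Content-Length" else v) for n, v in headers]
    return serialize_sip(start, headers, body)


def redirect_media(body):
    """A malicious peer points the media stream at an address it controls."""
    return body.replace("c=IN IP4 198.51.100.10", "c=IN IP4 203.0.113.66")


def callee_verify(raw):
    """Return (tag_ok, via_values, body) as seen by the callee UA."""
    _, headers, body = parse_sip(raw)
    tags = [v for n, v in headers if n == TAG_HEADER]
    ok = len(tags) == 1 and hmac.compare_digest(tags[0], e2e_tag(body))
    vias = [v for n, v in headers if n == "Via"]
    return ok, vias, body


def run_path(peers, malicious=None):
    """Send the sample INVITE through the listed peers; 'malicious' names the one that tampers."""
    msg = build_invite(SAMPLE_SDP)
    for peer in peers:
        msg = proxy_forward(msg, peer, redirect_media if peer == malicious else None)
    return callee_verify(msg)


if __name__ == "__main__":
    path = ["peer1.example.org", "peer2.example.org", "peer3.example.org"]
    ok, vias, _ = run_path(path)
    print(f"honest path: tag ok={ok}, Via entries={len(vias)}")
    ok, _, body = run_path(path, malicious="peer2.example.org")
    print(f"tampered path: tag ok={ok}; callee would have sent media to 203.0.113.66: "
          f"{'203.0.113.66' in body}")
```

Each peer adds its own Via above the caller's, so the callee sees one Via per hop plus the originating UA's; the honest path verifies, the path with a tampering peer fails, and in both cases every peer read the SDP.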