IETF Logo Mail Archive

RE: [P2PSIP] HBH vs. E2E SIP in P2PSIP

JiangXingFeng <jiang.x.f@huawei.com> Tue, 17 July 2007 01:57 UTC

Return-path: <p2psip-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IAcJu-0007rV-Nj; Mon, 16 Jul 2007 21:57:46 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IAcJt-0007nO-Po for p2psip@ietf.org; Mon, 16 Jul 2007 21:57:45 -0400
Received: from szxga03-in.huawei.com ([61.144.161.55]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IAcJo-0001lQ-Dh for p2psip@ietf.org; Mon, 16 Jul 2007 21:57:45 -0400
Received: from huawei.com (szxga03-in [172.24.2.9]) by szxga03-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0JLA002CYW2MOX@szxga03-in.huawei.com> for p2psip@ietf.org; Tue, 17 Jul 2007 09:56:46 +0800 (CST)
Received: from huawei.com ([172.24.1.18]) by szxga03-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0JLA00478W2LMI@szxga03-in.huawei.com> for p2psip@ietf.org; Tue, 17 Jul 2007 09:56:46 +0800 (CST)
Received: from j36340 ([10.164.5.105]) by szxml03-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTPA id <0JLA00DVRW2HXM@szxml03-in.huawei.com> for p2psip@ietf.org; Tue, 17 Jul 2007 09:56:45 +0800 (CST)
Date: Tue, 17 Jul 2007 09:56:41 +0800
From: JiangXingFeng <jiang.x.f@huawei.com>
Subject: RE: [P2PSIP] HBH vs. E2E SIP in P2PSIP
In-reply-to: <4697F367.6000809@cisco.com>
To: 'Jonathan Rosenberg' <jdrosen@cisco.com>, 'P2PSIP WG' <p2psip@ietf.org>
Message-id: <000f01c7c815$b88598a0$6905a40a@china.huawei.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
X-Mailer: Microsoft Office Outlook 11
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
Thread-index: AcfFl8zLUDbBcWkaSfKv53/WefRjJACelqYA
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 7fa173a723009a6ca8ce575a65a5d813
Cc:
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/p2psip>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
Errors-To: p2psip-bounces@ietf.org

Hi, Jonathan:

My two cents...
Yes, E2E paradigm could avoid security issues arising from forwarding SIP
message among the peers in the overlay. 
As for hop-by-hop paradigm, if we could make a overlay tunnel between two
peers and make sure that the destination peer for the overlay message, for
example, GET message, is the same as the peer where the callee hosts, then
the destination peer could use the upper layer application information
carried in the peer message to de-multiplex and distribute the applications
message encapsulated in the peer messages to the specific application
protocol entity, for example, SIP protocol stack. 

The application messages could be protected by the message sender by making
use of various security mechanisms and intermediary peer will not process
the application message and only forward the messages according to the DHT
routing algorithms. 
If used in this way, overlay will become a general platform to transport
various upper layer messages, for example, SIP message.

Obviously, peer protocol should support transporting application protocol
first and maybe need do some special work to make the application protocol
work as it is used in the Client/Server modes. For example, as for SIP, the
destination peer will check some headers and Request-URI to determine
whether it is a right message, so peer protocol may do some adaptation work
to make the destination does not care about how this message arrived at it. 

I am not sure it could be done. Presenting here is for your comments? 


Regards!

--
Jiang XingFeng
> -----Original Message-----
> From: Jonathan Rosenberg [mailto:jdrosen@cisco.com]
> Sent: Saturday, July 14, 2007 5:49 AM
> To: P2PSIP WG
> Subject: [P2PSIP] HBH vs. E2E SIP in P2PSIP
> 
> draft-bryan-p2psip-requirements-00 talks about how SIP relates to the
> P2P protocol. It says:
> 
> > The above discussion suggests at least two paradigms for SIP
> >    operation in a p2p setting: the end-to-end paradigm where a SIP user
> >    agent uses the p2p location service to discover the location of
> >    callee, and then send the SIP message directly to the callee, or a
> >    hop-by-hop paradigm where each peer forwards the SIP request to a
> >    peer which is more 'closer' to the callee. The former can be thought
> >    of as a RPC whereas the later can be thought of as a local procedure
> >    call to determine the next hop.
> 
> I'd like to propose that, any model which views the peers in the p2p
> network as proxies (things that add Via headers, follow proxy rules as
> defined in RFC 3261, and so on), is basically fatally flawed from a
> security perspective.
> 
> SIP was not designed on a model of untrusted proxies. I know this keeps
> coming up time and time again in the core SIP mailing list. The problem
> is, the design of SIP quite purposefully gives SIP proxies pretty wide
> latitude in manipulating message contents and doing things. We have some
> limited protection, if you believe in things like S/MIME, but by its
> very definition, SIP allows proxies to do lots of stuff. They can send
> requests to different places, they can fork, they can send responses,
> they can add and remove headers, they can change the destination of a
> request. All of it is legal and makes sense in a proxy-routed model.
> 
> However, in P2PSIP, if you think of the peers as proxies, you enter a
> use case where you trust none of the proxies, and in fact every call has
> a whole lot of them on the signaling path (O(logN)). I guarantee you
> that these untrusted proxies will launch attacks that are hard to fix
> without basically completely changing the way the SIP protocol works.
> 
> So, don't do it.
> 
> The way you limit what peers can do is by using a protocol to
> communicate with peers whose very design limits what can be done. A
> protocol built from the ground up to do nothing but give an intermediary
> the ability to move a message around based on DHT topology. You wouldn't
> need to worry about things modifying media destinations since there is
> no SDP. You needn't worry about spoofing caller ID since there is no
> caller ID in the protocol. All you do is use this protocol to allow you
> to set up a secure, e2e, TLS connection between you and the UA you want
> to talk to, and then run SIP over that.
> 
> The great benefit is that SIP already allows UA to UA communications. It
> always has. P2PSIP then slides in as a pure, clean replacement for
> RFC3263, allowing you to identify the target UA that you want to connect
> to, and provide a means for connecting to them through firewalls and NATs.
> 
> Thus I'd like to suggest that the E2E SIP model described in the
> requirements document be the one we are shooting for.
> 
> Thanks,
> Jonathan R.
> 
> 
> --
> Jonathan D. Rosenberg, Ph.D.                   600 Lanidex Plaza
> Cisco Fellow                                   Parsippany, NJ 07054-2711
> Cisco Systems
> jdrosen@cisco.com                              FAX:   (973) 952-5050
> http://www.jdrosen.net                         PHONE: (973) 952-5000
> http://www.cisco.com
> 
> _______________________________________________
> P2PSIP mailing list
> P2PSIP@ietf.org
> https://www1.ietf.org/mailman/listinfo/p2psip



_______________________________________________
P2PSIP mailing list
P2PSIP@ietf.org
https://www1.ietf.org/mailman/listinfo/p2psip

v2.23.0 | Report a Bug | By Email