RE: [P2PSIP] HBH vs. E2E SIP in P2PSIP
"Henry Sinnreich" <hsinnrei@adobe.com> Fri, 13 July 2007 21:58 UTC
Return-path: <p2psip-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1I9TA2-0004AH-WC; Fri, 13 Jul 2007 17:58:51 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1I9TA0-000409-T5 for p2psip@ietf.org; Fri, 13 Jul 2007 17:58:48 -0400
Received: from exprod6og55.obsmtp.com ([64.18.1.191]) by chiedprmail1.ietf.org with smtp (Exim 4.43) id 1I9TA0-0002SA-EJ for p2psip@ietf.org; Fri, 13 Jul 2007 17:58:48 -0400
Received: from source ([192.150.20.142]) by exprod6ob55.postini.com ([64.18.5.12]) with SMTP; Fri, 13 Jul 2007 14:57:37 PDT
Received: from inner-relay-3.eur.adobe.com (inner-relay-3b [10.128.4.236]) by outbound-smtp-2.corp.adobe.com (8.12.10/8.12.10) with ESMTP id l6DLvaWs023992; Fri, 13 Jul 2007 14:57:36 -0700 (PDT)
Received: from fe2.corp.adobe.com (fe2.corp.adobe.com [10.8.192.72]) by inner-relay-3.eur.adobe.com (8.12.10/8.12.9) with ESMTP id l6DLvF0o005296; Fri, 13 Jul 2007 14:57:35 -0700 (PDT)
Received: from namail5.corp.adobe.com ([10.8.192.88]) by fe2.corp.adobe.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 13 Jul 2007 14:57:18 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [P2PSIP] HBH vs. E2E SIP in P2PSIP
Date: Fri, 13 Jul 2007 14:56:56 -0700
Message-ID: <24CCCC428EFEA2469BF046DB3C7A8D22AA9C91@namail5.corp.adobe.com>
In-Reply-To: <4697F367.6000809@cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [P2PSIP] HBH vs. E2E SIP in P2PSIP
Thread-Index: AcfFl7NYzqLvFgqITFy5hvfWvFHWMwAAG7tg
References: <4697F367.6000809@cisco.com>
From: Henry Sinnreich <hsinnrei@adobe.com>
To: Jonathan Rosenberg <jdrosen@cisco.com>, P2PSIP WG <p2psip@ietf.org>
X-OriginalArrivalTime: 13 Jul 2007 21:57:18.0587 (UTC) FILETIME=[C81504B0:01C7C598]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 1a1bf7677bfe77d8af1ebe0e91045c5b
Cc:
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/p2psip>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
Errors-To: p2psip-bounces@ietf.org
Jonathan, Though I have co-authored the document, I believe you are right here: >> hop-by-hop paradigm where each peer forwards the SIP request to a >> peer which is more 'closer' to the callee. > is basically fatally flawed from a security perspective. On 2nd thought it is also not desirable for other reasons, such call setup delay, higher risk of packet loss and more bandwidth/computing consumption. Good catch. Henry -----Original Message----- From: Jonathan Rosenberg [mailto:jdrosen@cisco.com] Sent: Friday, July 13, 2007 2:49 PM To: P2PSIP WG Subject: [P2PSIP] HBH vs. E2E SIP in P2PSIP draft-bryan-p2psip-requirements-00 talks about how SIP relates to the P2P protocol. It says: > The above discussion suggests at least two paradigms for SIP > operation in a p2p setting: the end-to-end paradigm where a SIP user > agent uses the p2p location service to discover the location of > callee, and then send the SIP message directly to the callee, or a > hop-by-hop paradigm where each peer forwards the SIP request to a > peer which is more 'closer' to the callee. The former can be thought > of as a RPC whereas the later can be thought of as a local procedure > call to determine the next hop. I'd like to propose that, any model which views the peers in the p2p network as proxies (things that add Via headers, follow proxy rules as defined in RFC 3261, and so on), is basically fatally flawed from a security perspective. SIP was not designed on a model of untrusted proxies. I know this keeps coming up time and time again in the core SIP mailing list. The problem is, the design of SIP quite purposefully gives SIP proxies pretty wide latitude in manipulating message contents and doing things. We have some limited protection, if you believe in things like S/MIME, but by its very definition, SIP allows proxies to do lots of stuff. They can send requests to different places, they can fork, they can send responses, they can add and remove headers, they can change the destination of a request. All of it is legal and makes sense in a proxy-routed model. However, in P2PSIP, if you think of the peers as proxies, you enter a use case where you trust none of the proxies, and in fact every call has a whole lot of them on the signaling path (O(logN)). I guarantee you that these untrusted proxies will launch attacks that are hard to fix without basically completely changing the way the SIP protocol works. So, don't do it. The way you limit what peers can do is by using a protocol to communicate with peers whose very design limits what can be done. A protocol built from the ground up to do nothing but give an intermediary the ability to move a message around based on DHT topology. You wouldn't need to worry about things modifying media destinations since there is no SDP. You needn't worry about spoofing caller ID since there is no caller ID in the protocol. All you do is use this protocol to allow you to set up a secure, e2e, TLS connection between you and the UA you want to talk to, and then run SIP over that. The great benefit is that SIP already allows UA to UA communications. It always has. P2PSIP then slides in as a pure, clean replacement for RFC3263, allowing you to identify the target UA that you want to connect to, and provide a means for connecting to them through firewalls and NATs. Thus I'd like to suggest that the E2E SIP model described in the requirements document be the one we are shooting for. Thanks, Jonathan R. -- Jonathan D. Rosenberg, Ph.D. 600 Lanidex Plaza Cisco Fellow Parsippany, NJ 07054-2711 Cisco Systems jdrosen@cisco.com FAX: (973) 952-5050 http://www.jdrosen.net PHONE: (973) 952-5000 http://www.cisco.com _______________________________________________ P2PSIP mailing list P2PSIP@ietf.org https://www1.ietf.org/mailman/listinfo/p2psip _______________________________________________ P2PSIP mailing list P2PSIP@ietf.org https://www1.ietf.org/mailman/listinfo/p2psip
- [P2PSIP] HBH vs. E2E SIP in P2PSIP Jonathan Rosenberg
- RE: [P2PSIP] HBH vs. E2E SIP in P2PSIP Henry Sinnreich
- Re: [P2PSIP] HBH vs. E2E SIP in P2PSIP Dean Willis
- Re: [P2PSIP] HBH vs. E2E SIP in P2PSIP Bruce Lowekamp
- Re: [P2PSIP] HBH vs. E2E SIP in P2PSIP Eunsoo Shim
- RE: [P2PSIP] HBH vs. E2E SIP in P2PSIP marcin.matuszewski
- RE: [P2PSIP] HBH vs. E2E SIP in P2PSIP JiangXingFeng
- Re: [P2PSIP] HBH vs. E2E SIP in P2PSIP Vijay K. Gurbani