[P2PSIP] HBH vs. E2E SIP in P2PSIP
Jonathan Rosenberg <jdrosen@cisco.com> Fri, 13 July 2007 21:49 UTC
Return-path: <p2psip-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1I9T0w-00081G-Cj; Fri, 13 Jul 2007 17:49:26 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1I9T0u-00080m-F3 for p2psip@ietf.org; Fri, 13 Jul 2007 17:49:24 -0400
Received: from sj-iport-1-in.cisco.com ([171.71.176.70] helo=sj-iport-1.cisco.com) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1I9T0u-0002EP-3D for p2psip@ietf.org; Fri, 13 Jul 2007 17:49:24 -0400
Received: from sj-dkim-4.cisco.com ([171.71.179.196]) by sj-iport-1.cisco.com with ESMTP; 13 Jul 2007 14:49:23 -0700
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ao8CACqQl0arR7PE/2dsb2JhbAA
X-IronPort-AV: i="4.16,538,1175497200"; d="scan'208"; a="8547300:sNHT14259180"
Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-4.cisco.com (8.12.11/8.12.11) with ESMTP id l6DLnNOQ007989 for <p2psip@ietf.org>; Fri, 13 Jul 2007 14:49:23 -0700
Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id l6DLnN6M018996 for <p2psip@ietf.org>; Fri, 13 Jul 2007 21:49:23 GMT
Received: from xfe-sjc-212.amer.cisco.com ([171.70.151.187]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 13 Jul 2007 14:49:21 -0700
Received: from [10.32.241.147] ([10.32.241.147]) by xfe-sjc-212.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Fri, 13 Jul 2007 14:49:21 -0700
Message-ID: <4697F367.6000809@cisco.com>
Date: Fri, 13 Jul 2007 17:49:27 -0400
From: Jonathan Rosenberg <jdrosen@cisco.com>
User-Agent: Thunderbird 2.0.0.4 (Windows/20070604)
MIME-Version: 1.0
To: P2PSIP WG <p2psip@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 13 Jul 2007 21:49:21.0762 (UTC) FILETIME=[ABDF4C20:01C7C597]
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=3316; t=1184363363; x=1185227363; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=jdrosen@cisco.com; z=From:=20Jonathan=20Rosenberg=20<jdrosen@cisco.com> |Subject:=20HBH=20vs.=20E2E=20SIP=20in=20P2PSIP |Sender:=20; bh=2Qa8KnwxbxE6lOQihpUQk5Y+tkMzeAUnYAqnObUpg4A=; b=hj3Q5/G1aLltKMLq7sj+Y4hrCrSFUgaf1vfXkQf0HLEl8PUo7j7BCVsSobXwgrcgq49ixiYe MhGMTEReH/GrSH8oPHlP53VQDi/LfRE2OfT9GTHzohEFXyzr9Tatpqg9;
Authentication-Results: sj-dkim-4; header.From=jdrosen@cisco.com; dkim=pass ( sig from cisco.com/sjdkim4002 verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 244a2fd369eaf00ce6820a760a3de2e8
Subject: [P2PSIP] HBH vs. E2E SIP in P2PSIP
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/p2psip>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
Errors-To: p2psip-bounces@ietf.org
draft-bryan-p2psip-requirements-00 talks about how SIP relates to the P2P protocol. It says: > The above discussion suggests at least two paradigms for SIP > operation in a p2p setting: the end-to-end paradigm where a SIP user > agent uses the p2p location service to discover the location of > callee, and then send the SIP message directly to the callee, or a > hop-by-hop paradigm where each peer forwards the SIP request to a > peer which is more 'closer' to the callee. The former can be thought > of as a RPC whereas the later can be thought of as a local procedure > call to determine the next hop. I'd like to propose that, any model which views the peers in the p2p network as proxies (things that add Via headers, follow proxy rules as defined in RFC 3261, and so on), is basically fatally flawed from a security perspective. SIP was not designed on a model of untrusted proxies. I know this keeps coming up time and time again in the core SIP mailing list. The problem is, the design of SIP quite purposefully gives SIP proxies pretty wide latitude in manipulating message contents and doing things. We have some limited protection, if you believe in things like S/MIME, but by its very definition, SIP allows proxies to do lots of stuff. They can send requests to different places, they can fork, they can send responses, they can add and remove headers, they can change the destination of a request. All of it is legal and makes sense in a proxy-routed model. However, in P2PSIP, if you think of the peers as proxies, you enter a use case where you trust none of the proxies, and in fact every call has a whole lot of them on the signaling path (O(logN)). I guarantee you that these untrusted proxies will launch attacks that are hard to fix without basically completely changing the way the SIP protocol works. So, don't do it. The way you limit what peers can do is by using a protocol to communicate with peers whose very design limits what can be done. A protocol built from the ground up to do nothing but give an intermediary the ability to move a message around based on DHT topology. You wouldn't need to worry about things modifying media destinations since there is no SDP. You needn't worry about spoofing caller ID since there is no caller ID in the protocol. All you do is use this protocol to allow you to set up a secure, e2e, TLS connection between you and the UA you want to talk to, and then run SIP over that. The great benefit is that SIP already allows UA to UA communications. It always has. P2PSIP then slides in as a pure, clean replacement for RFC3263, allowing you to identify the target UA that you want to connect to, and provide a means for connecting to them through firewalls and NATs. Thus I'd like to suggest that the E2E SIP model described in the requirements document be the one we are shooting for. Thanks, Jonathan R. -- Jonathan D. Rosenberg, Ph.D. 600 Lanidex Plaza Cisco Fellow Parsippany, NJ 07054-2711 Cisco Systems jdrosen@cisco.com FAX: (973) 952-5050 http://www.jdrosen.net PHONE: (973) 952-5000 http://www.cisco.com _______________________________________________ P2PSIP mailing list P2PSIP@ietf.org https://www1.ietf.org/mailman/listinfo/p2psip
- [P2PSIP] HBH vs. E2E SIP in P2PSIP Jonathan Rosenberg
- RE: [P2PSIP] HBH vs. E2E SIP in P2PSIP Henry Sinnreich
- Re: [P2PSIP] HBH vs. E2E SIP in P2PSIP Dean Willis
- Re: [P2PSIP] HBH vs. E2E SIP in P2PSIP Bruce Lowekamp
- Re: [P2PSIP] HBH vs. E2E SIP in P2PSIP Eunsoo Shim
- RE: [P2PSIP] HBH vs. E2E SIP in P2PSIP marcin.matuszewski
- RE: [P2PSIP] HBH vs. E2E SIP in P2PSIP JiangXingFeng
- Re: [P2PSIP] HBH vs. E2E SIP in P2PSIP Vijay K. Gurbani