RE: [P2PSIP] HBH vs. E2E SIP in P2PSIP
<marcin.matuszewski@nokia.com> Mon, 16 July 2007 08:42 UTC
Return-path: <p2psip-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IAMAF-0004b9-3G; Mon, 16 Jul 2007 04:42:43 -0400
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IAMAD-0004aw-Q1 for p2psip@ietf.org; Mon, 16 Jul 2007 04:42:41 -0400
Received: from smtp.nokia.com ([131.228.20.170] helo=mgw-ext11.nokia.com) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IAMAD-0007Pm-7R for p2psip@ietf.org; Mon, 16 Jul 2007 04:42:41 -0400
Received: from esebh108.NOE.Nokia.com (esebh108.ntc.nokia.com [172.21.143.145]) by mgw-ext11.nokia.com (Switch-3.2.5/Switch-3.2.5) with ESMTP id l6G8gGaa029050; Mon, 16 Jul 2007 11:42:21 +0300
Received: from esebh104.NOE.Nokia.com ([172.21.143.34]) by esebh108.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 16 Jul 2007 11:42:20 +0300
Received: from esebe102.NOE.Nokia.com ([172.21.138.217]) by esebh104.NOE.Nokia.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 16 Jul 2007 11:42:20 +0300
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [P2PSIP] HBH vs. E2E SIP in P2PSIP
Date: Mon, 16 Jul 2007 11:45:27 +0300
Message-ID: <3F18E76823C95E4795181D74BAC7664F04CC5CC5@esebe102.NOE.Nokia.com>
In-Reply-To: <4697F367.6000809@cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [P2PSIP] HBH vs. E2E SIP in P2PSIP
Thread-Index: AcfFl7PCK2MLLA4/ScmBODB/syRC0wB66e4g
References: <4697F367.6000809@cisco.com>
From: marcin.matuszewski@nokia.com
To: jdrosen@cisco.com, p2psip@ietf.org
X-OriginalArrivalTime: 16 Jul 2007 08:42:20.0582 (UTC) FILETIME=[39184C60:01C7C785]
X-Nokia-AV: Clean
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 5011df3e2a27abcc044eaa15befcaa87
Cc:
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/p2psip>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
Errors-To: p2psip-bounces@ietf.org
Hi Jonathan, The authors discussed this problem and decided to leave two options. As Henry said there are pros and cons of either these but... I agree with you that the first option should be a MUST from the security perspective. Actually this issue is discussed in http://www.ietf.org/internet-drafts/draft-matuszewski-p2psip-security-re quirements-01.txt document. Marcin >-----Original Message----- >From: ext Jonathan Rosenberg [mailto:jdrosen@cisco.com] >Sent: 14 July, 2007 00:49 >To: P2PSIP WG >Subject: [P2PSIP] HBH vs. E2E SIP in P2PSIP > >draft-bryan-p2psip-requirements-00 talks about how SIP relates >to the P2P protocol. It says: > >> The above discussion suggests at least two paradigms for SIP >> operation in a p2p setting: the end-to-end paradigm where >a SIP user >> agent uses the p2p location service to discover the location of >> callee, and then send the SIP message directly to the >callee, or a >> hop-by-hop paradigm where each peer forwards the SIP request to a >> peer which is more 'closer' to the callee. The former can >be thought >> of as a RPC whereas the later can be thought of as a >local procedure >> call to determine the next hop. > >I'd like to propose that, any model which views the peers in >the p2p network as proxies (things that add Via headers, >follow proxy rules as defined in RFC 3261, and so on), is >basically fatally flawed from a security perspective. > >SIP was not designed on a model of untrusted proxies. I know >this keeps coming up time and time again in the core SIP >mailing list. The problem is, the design of SIP quite >purposefully gives SIP proxies pretty wide latitude in >manipulating message contents and doing things. We have some >limited protection, if you believe in things like S/MIME, but >by its very definition, SIP allows proxies to do lots of >stuff. They can send requests to different places, they can >fork, they can send responses, they can add and remove >headers, they can change the destination of a request. All of >it is legal and makes sense in a proxy-routed model. > >However, in P2PSIP, if you think of the peers as proxies, you >enter a use case where you trust none of the proxies, and in >fact every call has a whole lot of them on the signaling path >(O(logN)). I guarantee you that these untrusted proxies will >launch attacks that are hard to fix without basically >completely changing the way the SIP protocol works. > >So, don't do it. > >The way you limit what peers can do is by using a protocol to >communicate with peers whose very design limits what can be >done. A protocol built from the ground up to do nothing but >give an intermediary the ability to move a message around >based on DHT topology. You wouldn't need to worry about things >modifying media destinations since there is no SDP. You >needn't worry about spoofing caller ID since there is no >caller ID in the protocol. All you do is use this protocol to >allow you to set up a secure, e2e, TLS connection between you >and the UA you want to talk to, and then run SIP over that. > >The great benefit is that SIP already allows UA to UA >communications. It always has. P2PSIP then slides in as a >pure, clean replacement for RFC3263, allowing you to identify >the target UA that you want to connect to, and provide a means >for connecting to them through firewalls and NATs. > >Thus I'd like to suggest that the E2E SIP model described in >the requirements document be the one we are shooting for. > >Thanks, >Jonathan R. > > >-- >Jonathan D. Rosenberg, Ph.D. 600 Lanidex Plaza >Cisco Fellow Parsippany, NJ >07054-2711 >Cisco Systems >jdrosen@cisco.com FAX: (973) 952-5050 >http://www.jdrosen.net PHONE: (973) 952-5000 >http://www.cisco.com > >_______________________________________________ >P2PSIP mailing list >P2PSIP@ietf.org >https://www1.ietf.org/mailman/listinfo/p2psip > _______________________________________________ P2PSIP mailing list P2PSIP@ietf.org https://www1.ietf.org/mailman/listinfo/p2psip
- [P2PSIP] HBH vs. E2E SIP in P2PSIP Jonathan Rosenberg
- RE: [P2PSIP] HBH vs. E2E SIP in P2PSIP Henry Sinnreich
- Re: [P2PSIP] HBH vs. E2E SIP in P2PSIP Dean Willis
- Re: [P2PSIP] HBH vs. E2E SIP in P2PSIP Bruce Lowekamp
- Re: [P2PSIP] HBH vs. E2E SIP in P2PSIP Eunsoo Shim
- RE: [P2PSIP] HBH vs. E2E SIP in P2PSIP marcin.matuszewski
- RE: [P2PSIP] HBH vs. E2E SIP in P2PSIP JiangXingFeng
- Re: [P2PSIP] HBH vs. E2E SIP in P2PSIP Vijay K. Gurbani