[Sip-security] "forking problem"

"Dmitri Vinokurov" <vde_rlz@hotmail.com> Wed, 27 November 2002 04:30 UTC

From: Dmitri Vinokurov <vde_rlz@hotmail.com>
To: sip-security@ietf.org
Date: Wed, 27 Nov 2002 04:32:06 +0000
Message-ID: <F117Pp0yypcxp6NnTgb0000cf39@hotmail.com>

Hello,

The "forking problem" for challenge-response authentication was mentioned in 
many sources. It looks like a phone line is split inside the residence to 
more than one phone and all of them try to challenge the caller by 
different nonces, but Proxy accepts only the very first 401 response with 
all the ensuing consequences.

Why doesn't Proxy wait X msec after receiving first response (if it is 401), 
accept all challenges with the same Call-ID but not more than Y of them 
(say, 8) and compile and send to the caller one composite response as 
forking proxy does?

What is wrong with such approach? And what is the proper generic non-PKI 
solution if any exists? Was it described somewhere?

Thank you.
Dmitri
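
The aggregation step the message proposes, sketched as an added example (not code from the original post or from any SIP stack): 401 responses for one Call-ID are collected during a wait window and merged into one composite 401 that carries every challenge. The window length, the function names and the sample responses are assumptions constructed for illustration.

```python
WINDOW_MS = 200      # "X msec" in the message; the value is an assumption
MAX_CHALLENGES = 8   # "Y" in the message ("say, 8")

def parse_response(raw):
    """Split a SIP response into (status_code, [(header_name, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split(" ", 2)[1])
    headers = [tuple(p.strip() for p in line.split(":", 1))
               for line in head[1:] if ":" in line]
    return status, headers

def values(headers, name):
    return [v for n, v in headers if n.lower() == name.lower()]

def aggregate_401(arrivals, window_ms=WINDOW_MS, limit=MAX_CHALLENGES):
    """arrivals: (ms_timestamp, raw_response) pairs from the forked branches.
    Returns one composite 401, or None if the first response is not a 401."""
    arrivals = sorted(arrivals, key=lambda a: a[0])
    t0 = arrivals[0][0]
    status, first = parse_response(arrivals[0][1])
    if status != 401:
        return None
    call_id = values(first, "Call-ID")
    challenges = []
    for ts, raw in arrivals:
        if ts - t0 > window_ms:          # wait window closed
            break
        st, hdrs = parse_response(raw)
        if st != 401 or values(hdrs, "Call-ID") != call_id:
            continue                     # not a challenge for this call
        for c in values(hdrs, "WWW-Authenticate"):
            if c not in challenges and len(challenges) < limit:
                challenges.append(c)     # copied without modification
    # Simplification: every other header is taken from the first 401.
    lines = ["SIP/2.0 401 Unauthorized"]
    lines += [f"{n}: {v}" for n, v in first if n.lower() != "www-authenticate"]
    lines += [f"WWW-Authenticate: {c}" for c in challenges]
    return "\r\n".join(lines) + "\r\n\r\n"

def sample_401(realm, nonce, call_id="a84b4c76e66710", status="401 Unauthorized"):
    """Constructed sample response; realms, nonces and Call-ID are made up."""
    return (f"SIP/2.0 {status}\r\nCall-ID: {call_id}\r\nCSeq: 1 INVITE\r\n"
            f'WWW-Authenticate: Digest realm="{realm}", nonce="{nonce}"\r\n'
            "Content-Length: 0\r\n\r\n")

ARRIVALS = [  # constructed: two phones answer in time, one late, one other call
    (0, sample_401("kitchen.example", "n-kitchen")),
    (40, sample_401("den.example", "n-den")),
    (90, sample_401("other.example", "n-other", call_id="zzz")),
    (500, sample_401("garage.example", "n-garage")),
]
```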
