[Sip] Few Doubts/comments in draft-ietf-sip-outbound-11

"Hulbut hulbut" <hulbut@gmail.com> Fri, 04 January 2008 16:19 UTC

Message-ID: <14b80930801040738r69009873kec9385762a3c9d2a@mail.gmail.com>
Date: Fri, 04 Jan 2008 21:08:41 +0530
From: Hulbut hulbut <hulbut@gmail.com>
To: rohan@ekabal.com
Subject: [Sip] Few Doubts/comments in draft-ietf-sip-outbound-11
Cc: fluffy@cisco.com, sip@ietf.org

Hi Rohan,

I have the following doubts in the draft:

1) There is a typo (I think) in section 5.3

   If the flow in the flow token in the topmost Route header field value
   matches the source of the request, the request *in* an "outgoing"
   request.  For an "outgoing" request, the edge proxy just removes the
   Route header and continues processing the request.  Otherwise, this
   is an "incoming" request.

Instead of "in" there should be "is".

2) Section 5.3 (Forwarding Non-Register requests) evaluates inbound/outbound
on the basis of the flow token.

   If the flow in the flow token in the topmost Route header field value
   matches the source of the request, the request in an "outgoing"
   request.  For an "outgoing" request, the edge proxy just removes the
   Route header and continues processing the request.  Otherwise, this
   is an "incoming" request.

However, in the mentioned decode algorithm, the above mismatch will lead to
sending a 403 Forbidden.

   Example Algorithm:  To decode the flow token, take the flow
      identifier in the user portion of the URI and base64 decode it,
      then verify the HMAC is correct by recomputing the HMAC and
      checking that it matches.  If the HMAC is not correct, the proxy
      SHOULD send a 403 (Forbidden) response.  If the HMAC is correct
      then the proxy SHOULD forward the request on the flow that was
      specified by the information in the flow identifier.  If this flow
      no longer exists, the proxy SHOULD send a 430 (Flow Failed)
      response to the request.


I think inbound/outbound determination can be left to the proxy's own
implementation.
Regarding sending a 403 response when an HMAC mismatch happens, I am not clear
how any request will be sent to UEs.
Considering an edge proxy receives a request from some other server
(authoritative server), the flow token in the Route header would be
pointing to the UE's source address (or NAT-mapped address), but the value which
the edge proxy will compute will be based on the source address of the other server.
Thus, in the inbound case, all requests will be rejected with 403.


Please correct me!

Thanks
Hulbut
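
Added example, not part of the original message or of the draft: a sketch of the quoted decode algorithm together with the Section 5.3 incoming/outgoing test, showing which bytes the HMAC is recomputed over and where the request's source address is used. It assumes the token is base64(HMAC-SHA1-80 || S), with S describing the flow; the `proto;local;remote` flow string and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

KEY = os.urandom(20)   # proxy-local secret; never leaves the edge proxy
MAC_LEN = 10           # HMAC-SHA1 truncated to 80 bits (assumed token layout)

def _mac(flow_bytes, key):
    return hmac.new(key, flow_bytes, hashlib.sha1).digest()[:MAC_LEN]

def encode_flow_token(flow, key=KEY):
    """flow: constructed 'proto;local;remote' string describing the UA's flow."""
    s = flow.encode()
    return base64.b64encode(_mac(s, key) + s).decode()

def decode_flow_token(token, key=KEY):
    """Return the flow carried in the token, or None if the HMAC check fails."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return None
    mac, s = raw[:MAC_LEN], raw[MAC_LEN:]
    # The HMAC is recomputed over the flow bytes inside the token, so the
    # check does not depend on which peer delivered the request.
    if len(mac) != MAC_LEN or not hmac.compare_digest(mac, _mac(s, key)):
        return None
    return s.decode()

def classify(token, source_flow, live_flows, key=KEY):
    """Return (decision, flow_to_forward_on) for a non-REGISTER request."""
    flow = decode_flow_token(token, key)
    if flow is None:
        return ("403 Forbidden", None)       # forged or corrupted token
    if flow == source_flow:
        return ("outgoing", None)            # strip Route, keep processing
    if flow not in live_flows:
        return ("430 Flow Failed", None)     # flow to the UA is gone
    return ("incoming", flow)                # forward over the stored flow
```
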