IETF Logo Mail Archive

RE: [Sip] Need for RPH in SIP Responses

"DRAGE, Keith \(Keith\)" <drage@alcatel-lucent.com> Thu, 22 November 2007 16:44 UTC

Return-path: <sip-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IvF9t-0004vw-5T; Thu, 22 Nov 2007 11:44:09 -0500
Received: from sip by megatron.ietf.org with local (Exim 4.43) id 1IvF9r-0004vg-HF for sip-confirm+ok@megatron.ietf.org; Thu, 22 Nov 2007 11:44:07 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IvF9r-0004vW-5Z for sip@ietf.org; Thu, 22 Nov 2007 11:44:07 -0500
Received: from ihemail3.lucent.com ([135.245.0.37]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IvF9q-0004rf-Ca for sip@ietf.org; Thu, 22 Nov 2007 11:44:07 -0500
Received: from ilexp01.ndc.lucent.com (h135-3-39-1.lucent.com [135.3.39.1]) by ihemail3.lucent.com (8.13.8/IER-o) with ESMTP id lAMGi1gY022822; Thu, 22 Nov 2007 10:44:05 -0600 (CST)
Received: from DEEXP02.DE.lucent.com ([135.248.187.66]) by ilexp01.ndc.lucent.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 22 Nov 2007 10:44:01 -0600
Received: from DEEXC1U01.de.lucent.com ([135.248.187.28]) by DEEXP02.DE.lucent.com with Microsoft SMTPSVC(6.0.3790.1830); Thu, 22 Nov 2007 17:43:59 +0100
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Sip] Need for RPH in SIP Responses
Date: Thu, 22 Nov 2007 17:43:58 +0100
Message-ID: <5D1A7985295922448D5550C94DE29180019745B2@DEEXC1U01.de.lucent.com>
In-Reply-To: <474575F5.5000201@joelhalpern.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Sip] Need for RPH in SIP Responses
Thread-Index: AcgtAzs5Wf8yplfKShqrQmbnLJIUJQAI0TlA
References: <A09345776B6C7A4985573569C0F3004318E7A558@rrc-dte-exs01.dte.telcordia.com><47449FA0.6050904@zonnet.nl><28F05913385EAC43AF019413F674A0171246E6B9@OCCLUST04EVS1.ugd.att.com> <4744B854.1040605@zonnet.nl> <5D1A7985295922448D5550C94DE291800197445E@DEEXC1U01.de.lucent.com> <474575F5.5000201@joelhalpern.com>
From: "DRAGE, Keith (Keith)" <drage@alcatel-lucent.com>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
X-OriginalArrivalTime: 22 Nov 2007 16:43:59.0334 (UTC) FILETIME=[E161A860:01C82D26]
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.37
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 963faf56c3a5b6715f0b71b66181e01a
Cc: sip@ietf.org
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Errors-To: sip-bounces@ietf.org

Just to be clear, I personally was not arguing against the use cases.

I was pointing out that issues were being raised in discussing RPH in responses that were nothing to do with the new use cases, but appeared to be equally issues with RPH in requests.

Such discussion is an issue with RFC 4412, not an issue with either author draft, and should be discussed, but on a different thread. 

Regards

Keith

> -----Original Message-----
> From: Joel M. Halpern [mailto:jmh@joelhalpern.com] 
> Sent: Thursday, November 22, 2007 12:29 PM
> To: DRAGE, Keith (Keith)
> Cc: Jeroen van Bemmel; DOLLY, MARTIN C, ATTLABS; 
> sip@ietf.org; Sandesara, Niranjan B
> Subject: Re: [Sip] Need for RPH in SIP Responses
> 
> As I read the documents, there is a real point that prompts 
> the need for RPH in responses.  This has nothing to do with 
> stateless proxies.
> Rather, it has to do with the case where the device assigning 
> the RPH is upstream of a device that needs to make use of the 
> information.
> 
> That situation seems to be quite reasonable, does not require 
> a B2BUA, and can be reasonably recognized and acted upon in a 
> number of different network topologies.
> 
> However, some of the discussion has raised questions that do 
> need to be clarified in the document which actually defines 
> the extension.  Issues such as whether a response can have a 
> lower priority in its RPH than a request, appropriately 
> trusting / using the RPH in the response, etc.
> It appears to me that part of the confusion about those 
> issues is that there are related issues (such as the scope of 
> the RPH, and changes during a dialog) that apply to the 
> original document and are not well specified.
> 
> Yours,
> Joel M. Halpern
> 
> PS: In addition to the fact that the basic problem described 
> in the I-D does not depend upon the stateless / stateful 
> nature of the proxy, the reason I avoid the stateless proxy 
> aspect is that I doubt very much that an RPH in a response 
> will noticeably affect the actual response processing if no 
> other steps were taken before one got to parsing
> sufficient header to get to that.   Until this upstream 
> notification was
> brought forward, I was doubtful about the use of the header 
> in this fashion.
> 
> DRAGE, Keith (Keith) wrote:
> > Again, I would like to understand whether there is a 
> specific issue with regard to RPH in responses, or whether 
> this is a discussion of a failing of RFC 4412 as published 
> for requests.
> > 
> > I am not seeing a point here that relations specifically to 
> RPH in responses.
> > 
> > Regards
> > 
> > Keith
> > 
> >> -----Original Message-----
> >> From: Jeroen van Bemmel [mailto:jbemmel@zonnet.nl]
> >> Sent: Wednesday, November 21, 2007 11:00 PM
> >> To: DOLLY, MARTIN C, ATTLABS
> >> Cc: sip@ietf.org; Sandesara, Niranjan B
> >> Subject: Re: [Sip] Need for RPH in SIP Responses
> >>
> >> Martin,
> >>
> >> It appears we have a different view on what constitutes 
> the Internet 
> >> - perhaps because I am not from the US. In any case, I was 
> referring 
> >> to the Internet as a whole, exactly as in RFC3455:
> >>
> >> The SIP extensions specified in this document make certain
> >>    assumptions regarding network topology, linkage between SIP and 
> >> lower
> >>    layers, and the availability of transitive trust.  These 
> >> assumptions
> >>    are generally NOT APPLICABLE in the Internet as a whole.
> >>
> >> The proposed mechanism is only secure under assumptions 
> that do not 
> >> hold in the Internet as a whole. It is not only a minor 
> change from 
> >> the current RPH usage, as 
> draft-polk-sip-rph-in-responses-00 tries to 
> >> say ("The only new security threat...")
> >>
> >> To me, there are 3 things that could happen:
> >> 1. ignore/accept it and generate an RFC 2. define 
> additional security 
> >> measures to mitigate 3.
> >> consider a different solution
> >>
> >> Regards,
> >> Jeroen
> >>
> >> DOLLY, MARTIN C, ATTLABS wrote:
> >>> Jeroen,
> >>>
> >>> It does apply to a concatenation of managed networks, lets say 
> >>> UE-AT&T-Verizon-UE...Oh, this is the same concatenation for
> >> what you
> >>> are referring to as the "internet"..right? Only difference is a 
> >>> different portion of our IP backbones.
> >>>
> >>> More important here (please just don't cut/paste the 
> above without 
> >>> this), for wireless access the user's priority level may
> >> change based
> >>> on call processing, including authentication, and this 
> needs to be 
> >>> relayed back to the wireless access.
> >>>
> >>> Cheers,
> >>>
> >>> Martin
> >>>
> >>> -----Original Message-----
> >>> From: Jeroen van Bemmel [mailto:jbemmel@zonnet.nl]
> >>> Sent: Wednesday, November 21, 2007 4:14 PM
> >>> To: Sandesara, Niranjan B
> >>> Cc: sip@ietf.org
> >>> Subject: Re: [Sip] Need for RPH in SIP Responses
> >>>
> >>> Niranjan,
> >>>
> >>>   
> >>>> As has been pointed out earlier, possible security risk of
> >> permitting
> >>>> RPH in SIP responses is minimal in managed IP networks 
> where this 
> >>>> capability is generally expected to be used.
> >>>>
> >>>>     
> >>> For this argument to apply, the element sending the RPH 
> header in a 
> >>> response and the element acting on it should both be in the
> >> same domain.
> >>> In other words you are talking about a closed system, a
> >> very specific
> >>> environment. The use of this header in this way then
> >> clearly does not
> >>> apply to the Internet; the proper way to standardize this is as a 
> >>> P-header (instead of taking a header which is already 
> defined in a 
> >>> "approved-for-the-Internet" RFC, and modifying its allowed use to 
> >>> accommodate for a non-Internet use)
> >>>
> >>> Regards,
> >>> Jeroen
> >>>
> >>>
> >>> _______________________________________________
> >>> Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
> >>> This list is for NEW development of the core SIP Protocol Use 
> >>> sip-implementors@cs.columbia.edu for questions on current sip Use 
> >>> sipping@ietf.org for new developments on the application of sip
> >>>
> >>>   
> >>
> >> _______________________________________________
> >> Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
> >> This list is for NEW development of the core SIP Protocol Use 
> >> sip-implementors@cs.columbia.edu for questions on current sip Use 
> >> sipping@ietf.org for new developments on the application of sip
> >>
> > 
> > 
> > _______________________________________________
> > Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
> > This list is for NEW development of the core SIP Protocol Use 
> > sip-implementors@cs.columbia.edu for questions on current sip Use 
> > sipping@ietf.org for new developments on the application of sip
> > 
> 


_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip

v2.23.0 | Report a Bug | By Email