RE: [Sip] B2BUA - Security
"Christian Huitema" <huitema@windows.microsoft.com> Fri, 06 December 2002 01:57 UTC
Subject: RE: [Sip] B2BUA - Security
Date: Thu, 05 Dec 2002 17:55:05 -0800
Message-ID: <DAC3FCB50E31C54987CD10797DA511BA1D7844@WIN-MSG-10.wingroup.windeploy.ntdev.microsoft.com>
From: Christian Huitema <huitema@windows.microsoft.com>
To: "Mahey, Sonit" <Sonit.Mahey@icn.siemens.com>, Jonathan Rosenberg <jdrosen@dynamicsoft.com>, Pete Cordell <pete@tech-know-ware.com>
Cc: sip@ietf.org

The sending UA places the result of the STUN translation in the SDP, not
the private addresses and port numbers.

> -----Original Message-----
> From: Mahey, Sonit [mailto:Sonit.Mahey@icn.siemens.com]
> Sent: Thursday, December 05, 2002 10:00 AM
> To: Christian Huitema; Jonathan Rosenberg; Pete Cordell
> Cc: sip@ietf.org
> Subject: RE: [Sip] B2BUA - Security
>
> Thanks, Christian.
>
> Assuming IPv4 addresses and without delving into the draft RFC on STUN:
> The SDP contains the RTP/RTCP port numbers that are private and these are
> also required to be NAT'd. Now, if the SDP, which forms part of the SIP
> body, is encrypted, how will RTP/RTCP ports be translated?
>
> regards,
> - sonit
>
> > -----Original Message-----
> > From: Christian Huitema [mailto:huitema@windows.microsoft.com]
> > Sent: Thursday, December 05, 2002 12:54 PM
> > To: Mahey, Sonit; Jonathan Rosenberg; Pete Cordell
> > Cc: sip@ietf.org
> > Subject: RE: [Sip] B2BUA - Security
> >
> > > From: Mahey, Sonit [mailto:Sonit.Mahey@icn.siemens.com]
> > > Sent: Thursday, December 05, 2002 9:14 AM
> > >
> > > I agree with Jonathan.
> > >
> > > That brings up the question:
> > > Is NAT traversal for encrypted SIP traffic addressed anywhere?
> >
> > There are two possibilities. If your application only uses UDP, it is
> > possible to use IPv4 and STUN to find out the "outside ports" for your
> > UDP traffic (check draft-ietf-midcom-stun-03.txt); you may need to use
> > the "a:rtcp" convention to encode port numbers in SDP (check
> > draft-ietf-mmusic-sdp4nat-03.txt). If you need to also support TCP, or
> > use IPSEC, or generally do away with the complications of NAT, the best
> > solution is to just move to IPv6; see Teredo
> > (draft-ietf-ngtrans-shipworm-08.txt) for one possible way to carry IPv6
> > across NAT, and 6to4 (RFC 3056 & 3068) for a possible way to upgrade the
> > NAT and make it an IPv6 router.
> >
> > -- Christian Huitema
>
> _______________________________________________
> Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol
> Use sip-implementors@cs.columbia.edu for questions on current sip
> Use sipping@ietf.org for new developments on the application of sip
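
Added example, not part of the original message or of any implementation discussed in the thread: the approach described above, where the UA itself puts the STUN-discovered outside address and ports into the SDP before the body is encrypted, so no intermediary needs to read or rewrite it. It assumes the MAPPED-ADDRESS layout of RFC 3489 and the "a=rtcp" attribute syntax of RFC 3605 (the published forms of the two cited drafts); the function names, addresses and ports are constructed for illustration.

```python
import struct

BINDING_RESPONSE, MAPPED_ADDRESS = 0x0101, 0x0001  # RFC 3489 type codes

def parse_mapped_address(msg: bytes):
    """Return (ip, port) from a classic-STUN Binding Response."""
    if len(msg) < 20:
        raise ValueError("short STUN header")
    mtype, mlen = struct.unpack("!HH", msg[:4])
    if mtype != BINDING_RESPONSE or len(msg) != 20 + mlen:
        raise ValueError("not a well-formed Binding Response")
    off = 20                                   # skip type, length, 16-byte transaction ID
    while off + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[off:off + 4])
        val = msg[off + 4:off + 4 + alen]
        if len(val) != alen:
            raise ValueError("truncated attribute")
        if atype == MAPPED_ADDRESS:
            if alen != 8 or val[1] != 0x01:    # family 0x01 = IPv4
                raise ValueError("unsupported MAPPED-ADDRESS")
            return ".".join(map(str, val[4:8])), struct.unpack("!H", val[2:4])[0]
        off += 4 + alen
    raise ValueError("no MAPPED-ADDRESS attribute")

def rewrite_sdp(sdp: str, rtp, rtcp) -> str:
    """Swap private c=/m= values for the STUN results and add a=rtcp."""
    out = []
    for line in sdp.splitlines():
        if line.startswith("c=IN IP4 "):
            line = "c=IN IP4 " + rtp[0]
        elif line.startswith("m=audio "):
            fields = line.split(" ")
            fields[1] = str(rtp[1])
            out.append(" ".join(fields))
            # RTCP's outside port need not be RTP+1, so state it explicitly
            line = f"a=rtcp:{rtcp[1]} IN IP4 {rtcp[0]}"
        out.append(line)
    return "\r\n".join(out) + "\r\n"

def constructed_response(ip: str, port: int) -> bytes:
    """Build a sample Binding Response (constructed test data)."""
    attr = struct.pack("!HHBBH4s", MAPPED_ADDRESS, 8, 0, 1, port, bytes(map(int, ip.split("."))))
    return struct.pack("!HH16s", BINDING_RESPONSE, len(attr), bytes(16)) + attr

PRIVATE_SDP = ("v=0\r\no=alice 1 1 IN IP4 192.168.1.10\r\ns=-\r\n"   # constructed offer
               "c=IN IP4 192.168.1.10\r\nt=0 0\r\n"
               "m=audio 49170 RTP/AVP 0\r\na=rtpmap:0 PCMU/8000\r\n")

def demo() -> str:
    rtp = parse_mapped_address(constructed_response("203.0.113.7", 61002))
    rtcp = parse_mapped_address(constructed_response("203.0.113.7", 61017))
    return rewrite_sdp(PRIVATE_SDP, rtp, rtcp)
```

The o= line is left untouched here, so it still carries the private address; only the connection address and media ports that the far end sends to are replaced.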