RE: [Sip] B2BUA - Security

"Christian Huitema" <huitema@windows.microsoft.com> Fri, 06 December 2002 01:57 UTC

Subject: RE: [Sip] B2BUA - Security
Date: Thu, 05 Dec 2002 17:55:05 -0800
From: Christian Huitema <huitema@windows.microsoft.com>
To: "Mahey, Sonit" <Sonit.Mahey@icn.siemens.com>, Jonathan Rosenberg <jdrosen@dynamicsoft.com>, Pete Cordell <pete@tech-know-ware.com>
Cc: sip@ietf.org

The sending UA places the result of the STUN translation in the SDP, not
the private addresses and port numbers.

> -----Original Message-----
> From: Mahey, Sonit [mailto:Sonit.Mahey@icn.siemens.com]
> Sent: Thursday, December 05, 2002 10:00 AM
> To: Christian Huitema; Jonathan Rosenberg; Pete Cordell
> Cc: sip@ietf.org
> Subject: RE: [Sip] B2BUA - Security
> 
> Thanks, Christian.
> 
> Assuming IPv4 addresses and without delving into the draft RFC on STUN:
> The SDP contains the RTP/RTCP port numbers that are private and these are
> also required to be NAT'd. Now, if the SDP, which forms part of the SIP
> body, is encrypted, how will RTP/RTCP ports be translated?
> 
> regards,
> - sonit
> 
> > -----Original Message-----
> > From: Christian Huitema [mailto:huitema@windows.microsoft.com]
> > Sent: Thursday, December 05, 2002 12:54 PM
> > To: Mahey, Sonit; Jonathan Rosenberg; Pete Cordell
> > Cc: sip@ietf.org
> > Subject: RE: [Sip] B2BUA - Security
> >
> >
> > > From: Mahey, Sonit [mailto:Sonit.Mahey@icn.siemens.com]
> > > Sent: Thursday, December 05, 2002 9:14 AM
> > >
> > > I agree with Jonathan.
> > >
> > > That brings up the question:
> > > Is NAT traversal for encrypted SIP traffic addressed anywhere?
> >
> > There are two possibilities. If your application only uses UDP, it is
> > possible to use IPv4 and STUN to find out the "outside ports" for your
> > UDP traffic (check draft-ietf-midcom-stun-03.txt); you may need to use
> > the "a:rtcp" convention to encode port numbers in SDP (check
> > draft-ietf-mmusic-sdp4nat-03.txt). If you need to also support TCP, or
> > use IPSEC, or generally do away with the complications of NAT, the best
> > solution is to just move to IPv6; see Teredo
> > (draft-ietf-ngtrans-shipworm-08.txt) for one possible way to carry IPv6
> > across NAT, and 6to4 (RFC 3056 & 3068) for a possible way to upgrade the
> > NAT and make it an IPv6 router.
> >
> > -- Christian Huitema
> >
_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip
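
Added example, not part of the original message: a Python sketch of what the sending UA does with its STUN results before the SDP body is encrypted, using the a=rtcp attribute form later standardized in RFC 3605. The SDP, the addresses, the STUN mappings and the function names are constructed for illustration; it assumes IPv4 with a single session-level c= line and RTCP bound locally to the RTP port plus one.

```python
import ipaddress
import re

# Constructed offer as the UA would first build it, from its private interface.
PRIVATE_SDP = "\r\n".join([
    "v=0", "o=alice 2890844526 2890844526 IN IP4 10.0.0.5", "s=-",
    "c=IN IP4 10.0.0.5", "t=0 0", "m=audio 49170 RTP/AVP 0", ""])

# Constructed STUN results: local (ip, port) -> mapping seen outside the NAT.
# The RTCP mapping is deliberately not RTP+1, which is why a=rtcp is needed.
STUN_MAP = {("10.0.0.5", 49170): ("192.0.2.10", 62000),
            ("10.0.0.5", 49171): ("192.0.2.10", 62007)}

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def rewrite_sdp(sdp, stun_map):
    """Replace private address/ports with STUN mappings; fail closed if any is missing."""
    lines = [l for l in sdp.split("\r\n") if l]
    local_ip = next(l.split()[-1] for l in lines if l.startswith("c="))
    out, public_ip = [], None
    for line in lines:
        if not line.startswith("m="):
            out.append(line)
            continue
        media, port, rest = line[2:].split(" ", 2)
        rtp = stun_map.get((local_ip, int(port)))
        rtcp = stun_map.get((local_ip, int(port) + 1))
        if rtp is None or rtcp is None:
            raise LookupError(f"no STUN binding for {media} port {port}")
        if public_ip not in (None, rtp[0]):
            raise ValueError("media streams map to different public addresses")
        public_ip = rtp[0]
        out.append(f"m={media} {rtp[1]} {rest}")
        out.append(f"a=rtcp:{rtcp[1]} IN IP4 {rtcp[0]}")
    if public_ip is None:
        raise ValueError("no media lines to rewrite")
    # o= and c= also carry the private address.
    out = [l.replace(f"IN IP4 {local_ip}", f"IN IP4 {public_ip}")
           if l[:2] in ("o=", "c=") else l for l in out]
    return "\r\n".join(out) + "\r\n"

def rfc1918_addresses(sdp):
    """Return any RFC 1918 addresses still present; check before encrypting the body."""
    found = re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", sdp)
    return [a for a in found
            if any(ipaddress.ip_address(a) in net for net in RFC1918)]

if __name__ == "__main__":
    print(rewrite_sdp(PRIVATE_SDP, STUN_MAP))
```

Because the rewrite happens in the UA, nothing on the path has to read or modify the body after it is encrypted.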