[Sip] comments on draft-ietf-sip-record-route-fix-01
Jonathan Rosenberg <jdrosen@cisco.com> Mon, 03 December 2007 08:02 UTC
Return-path: <sip-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Iz6GL-0003jK-Uw; Mon, 03 Dec 2007 03:02:45 -0500
Received: from sip by megatron.ietf.org with local (Exim 4.43) id 1Iz6GI-0003eC-8I for sip-confirm+ok@megatron.ietf.org; Mon, 03 Dec 2007 03:02:42 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Iz6GD-0003d5-N8 for sip@ietf.org; Mon, 03 Dec 2007 03:02:37 -0500
Received: from sj-iport-6.cisco.com ([171.71.176.117]) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1Iz6GD-00052f-4S for sip@ietf.org; Mon, 03 Dec 2007 03:02:37 -0500
Received: from sj-dkim-3.cisco.com ([171.71.179.195]) by sj-iport-6.cisco.com with ESMTP; 03 Dec 2007 00:02:36 -0800
Received: from sj-core-5.cisco.com (sj-core-5.cisco.com [171.71.177.238]) by sj-dkim-3.cisco.com (8.12.11/8.12.11) with ESMTP id lB382aSj016245 for <sip@ietf.org>; Mon, 3 Dec 2007 00:02:36 -0800
Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-5.cisco.com (8.12.10/8.12.6) with ESMTP id lB382M1j023244 for <sip@ietf.org>; Mon, 3 Dec 2007 08:02:36 GMT
Received: from xfe-sjc-211.amer.cisco.com ([171.70.151.174]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 3 Dec 2007 00:02:28 -0800
Received: from [10.21.87.30] ([10.21.87.30]) by xfe-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.1830); Mon, 3 Dec 2007 00:02:28 -0800
Message-ID: <47538524.1010205@cisco.com>
Date: Sun, 02 Dec 2007 23:25:08 -0500
From: Jonathan Rosenberg <jdrosen@cisco.com>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: IETF SIP List <sip@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 03 Dec 2007 08:02:28.0188 (UTC) FILETIME=[D8F2F1C0:01C83582]
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=3805; t=1196668956; x=1197532956; c=relaxed/simple; s=sjdkim3002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=jdrosen@cisco.com; z=From:=20Jonathan=20Rosenberg=20<jdrosen@cisco.com> |Subject:=20comments=20on=20draft-ietf-sip-record-route-fix-01 |Sender:=20; bh=GGFMp0SO2KQ+8i4k2nccYl+dOUe+EiCdGbl8fKQfKsw=; b=c8V6rYVUbyOJ4fpTS7LpX59QkcHiNGLYKD7vX+zP1fFcFCftUFDpx0MHU5CrjEY06+/uu5md Ve5ECPG3ejkFuu1YBsqVIzm+tiEFFwUcFreLC0NmJKWc4cbsdzlu5L/t;
Authentication-Results: sj-dkim-3; header.From=jdrosen@cisco.com; dkim=pass ( sig from cisco.com/sjdkim3002 verified; );
X-Spam-Score: 1.4 (+)
X-Scan-Signature: 3002fc2e661cd7f114cb6bae92fe88f1
Subject: [Sip] comments on draft-ietf-sip-record-route-fix-01
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Errors-To: sip-bounces@ietf.org
Firstly, I am still of the opinion that this is NOT an essential
correction to SIP, but rather a BCP. Clearly the record-route mechanism
in RFC3261 itself still works and works fine for the cases where it is
applicable. Documenting double-record routing makes sense, but I do not
believe it should replace what is in RFC3261 or obsolete it. There is no
reason to do it, and its unrealistic to think that everyone who is doing
rr-rewriting will go an change their implementation because IETF decided
to deprecate something that works.
Section 3.1: this is an unrealistic use case. If this were the actual
network, no media would be able to flow in the resulting session.
Section 3.2: the indented text seems to include both the original
rfc3261 text and commentary on it; I think only the orginal text should
be indented.
> often been noticed that letting [RFC3261] with the Record-Route
> rewriting as the only technique described in core specification is
> dangerous, due to the fact that rewriting has some heavy drawbacks.
this is hyperbole, and not supported by the two points which follow:
> 1) Callee cannot sign the route set, because it gets edited by the
> proxy in the response. Consequently, end-to-end protection of the
> route set can not be supported by the protocol. The openness and
> the end-to-end principles are broken (!)...
sign the route set?? This has never been possible. Even S/MIME doesn't
support that:
Header fields that can be legitimately modified by proxy servers are:
Request-URI, Via, Record-Route, Route, Max-Forwards, and Proxy-
Authorization. If these header fields are not intact end-to-end,
implementations SHOULD NOT consider this a breach of security
I don't know what real attack or real problem you are talking about here.
> 2) Proxy must implement special "multi-homed" stateful logic. On
> the request phase, it goes through output interface calculation
> and writes the output interface into the route. It must then
> inspect all responses, grep for an input interface, and
> selectively edit them to reference the correct output interface:
> this is a CPU drag.
it is true that there is additional CPU cost. However, that is hardly
"dangerous". And, I suspect, in most cases, not a very big CPU burden.
I'm not opposed to double record-routing; I am taking objection to the
vilification of what is in RFC 3261.
> Thus, on the request processing side: item 4 of section 16.6 of
> [RFC3261], it SHOULD be noticed that the URI MAY contain the
I don't know what it means to SHOULD notice something. Why is this text
indented?
> This technique has many benefits, and is completely backwards
> compatible with [RFC3261]. It consists in putting as the first
> value, the Route of receiving interface, including schemes and/or URI
> parameters, and, as second value, the Route of the sending interface.
> When processing the response, no modification of the recorded route
> is required.
s/Route/URI
Section 5 has odd indenting.
The document is hard to follow; it intermixes restatements of RFC3261
sections along with other normative text which is not defined as a
restateemnt of rfc3261.
I think it would be a clearer document, in fact, if it were not an
essential correction and instead a clear description of how to double
record-route and when to do it.
-Jonathan R.
--
Jonathan D. Rosenberg, Ph.D. 499 Thornall St.
Cisco Fellow Edison, NJ 08837
Cisco, Voice Technology Group
jdrosen@cisco.com
http://www.jdrosen.net PHONE: (408) 902-3084
http://www.cisco.com
_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip
- [Sip] comments on draft-ietf-sip-record-route-fix… Jonathan Rosenberg
- Re: [Sip] comments on draft-ietf-sip-record-route… Thomas Froment
- Re: [Sip] comments on draft-ietf-sip-record-route… Dean Willis
- Re: [Sip] comments on draft-ietf-sip-record-route… Jonathan Rosenberg
- Re: [Sip] comments on draft-ietf-sip-record-route… Dean Willis