Re: [Sip] Need for RPH in SIP Responses
Jeroen van Bemmel <jbemmel@zonnet.nl> Wed, 21 November 2007 22:59 UTC
Return-path: <sip-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IuyXn-0007YH-FJ; Wed, 21 Nov 2007 17:59:43 -0500
Received: from sip by megatron.ietf.org with local (Exim 4.43) id 1IuyXl-0007Qw-IT for sip-confirm+ok@megatron.ietf.org; Wed, 21 Nov 2007 17:59:41 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IuyXl-0007OJ-5e for sip@ietf.org; Wed, 21 Nov 2007 17:59:41 -0500
Received: from smtp3.versatel.nl ([62.58.50.90]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IuyXi-0001MY-Du for sip@ietf.org; Wed, 21 Nov 2007 17:59:41 -0500
Received: (qmail 5526 invoked by uid 0); 21 Nov 2007 22:59:13 -0000
Received: from ip198-11-212-87.adsl2.versatel.nl (HELO [192.168.1.6]) ([87.212.11.198]) (envelope-sender <jbemmel@zonnet.nl>) by smtp3.versatel.nl (qmail-ldap-1.03) with SMTP for < >; 21 Nov 2007 22:59:13 -0000
Message-ID: <4744B854.1040605@zonnet.nl>
Date: Wed, 21 Nov 2007 23:59:32 +0100
From: Jeroen van Bemmel <jbemmel@zonnet.nl>
User-Agent: Thunderbird 2.0.0.9 (Windows/20071031)
MIME-Version: 1.0
To: "DOLLY, MARTIN C, ATTLABS" <mdolly@att.com>
Subject: Re: [Sip] Need for RPH in SIP Responses
References: <A09345776B6C7A4985573569C0F3004318E7A558@rrc-dte-exs01.dte.telcordia.com> <47449FA0.6050904@zonnet.nl> <28F05913385EAC43AF019413F674A0171246E6B9@OCCLUST04EVS1.ugd.att.com>
In-Reply-To: <28F05913385EAC43AF019413F674A0171246E6B9@OCCLUST04EVS1.ugd.att.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 0fa76816851382eb71b0a882ccdc29ac
Cc: sip@ietf.org, "Sandesara, Niranjan B" <nsandesa@telcordia.com>
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Errors-To: sip-bounces@ietf.org
Martin,
It appears we have a different view on what constitutes the Internet -
perhaps because I am not from the US. In any case, I was referring to
the Internet as a whole, exactly as in RFC3455:
The SIP extensions specified in this document make certain
assumptions regarding network topology, linkage between SIP and lower
layers, and the availability of transitive trust. These assumptions
are generally NOT APPLICABLE in the Internet as a whole.
The proposed mechanism is only secure under assumptions that do not hold
in the Internet as a whole. It is not only a minor change from the
current RPH usage, as draft-polk-sip-rph-in-responses-00 tries to say
("The only new security threat...")
To me, there are 3 things that could happen:
1. ignore/accept it and generate an RFC
2. define additional security measures to mitigate
3. consider a different solution
Regards,
Jeroen
DOLLY, MARTIN C, ATTLABS wrote:
> Jeroen,
>
> It does apply to a concatenation of managed networks, lets say
> UE-AT&T-Verizon-UE...Oh, this is the same concatenation for what you are
> referring to as the "internet"..right? Only difference is a different
> portion of our IP backbones.
>
> More important here (please just don't cut/paste the above without
> this), for wireless access the user's priority level may change based on
> call processing, including authentication, and this needs to be relayed
> back to the wireless access.
>
> Cheers,
>
> Martin
>
> -----Original Message-----
> From: Jeroen van Bemmel [mailto:jbemmel@zonnet.nl]
> Sent: Wednesday, November 21, 2007 4:14 PM
> To: Sandesara, Niranjan B
> Cc: sip@ietf.org
> Subject: Re: [Sip] Need for RPH in SIP Responses
>
> Niranjan,
>
>
>> As has been pointed out earlier, possible security risk of permitting
>> RPH in SIP responses is minimal in managed IP networks where this
>> capability is generally expected to be used.
>>
>>
> For this argument to apply, the element sending the RPH header in a
> response and the element acting on it should both be in the same domain.
>
> In other words you are talking about a closed system, a very specific
> environment. The use of this header in this way then clearly does not
> apply to the Internet; the proper way to standardize this is as a
> P-header (instead of taking a header which is already defined in a
> "approved-for-the-Internet" RFC, and modifying its allowed use to
> accommodate for a non-Internet use)
>
> Regards,
> Jeroen
>
>
> _______________________________________________
> Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol
> Use sip-implementors@cs.columbia.edu for questions on current sip
> Use sipping@ietf.org for new developments on the application of sip
>
>
_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip
- Re: [Sip] Need for RPH in SIP Responses ken carlberg
- [Sip] Need for RPH in SIP Responses Sandesara, Niranjan B
- Re: [Sip] Need for RPH in SIP Responses Jeroen van Bemmel
- RE: [Sip] Need for RPH in SIP Responses DOLLY, MARTIN C, ATTLABS
- Re: [Sip] Need for RPH in SIP Responses Jeroen van Bemmel
- RE: [Sip] Need for RPH in SIP Responses DRAGE, Keith (Keith)
- Re: [Sip] Need for RPH in SIP Responses Joel M. Halpern
- RE: [Sip] Need for RPH in SIP Responses DRAGE, Keith (Keith)
- [Sip] Need for RPH in SIP Responses Sandesara, Niranjan B
- Re: [Sip] Need for RPH in SIP Responses Janet P Gunn
- Re: [Sip] Need for RPH in SIP Responses ken carlberg