RE: [Sip] B2BUA - Security

"Mahey, Sonit" <Sonit.Mahey@icn.siemens.com> Thu, 05 December 2002 18:00 UTC

From: "Mahey, Sonit" <Sonit.Mahey@icn.siemens.com>
To: 'Christian Huitema' <huitema@windows.microsoft.com>, Jonathan Rosenberg <jdrosen@dynamicsoft.com>, Pete Cordell <pete@tech-know-ware.com>
Cc: sip@ietf.org
Subject: RE: [Sip] B2BUA - Security
Date: Thu, 05 Dec 2002 13:00:20 -0500

Thanks, Christian.

Assuming IPv4 addresses and without delving into the draft RFC on STUN:
The SDP contains the RTP/RTCP port numbers that are private and these are
also required to be NAT'd. Now, if the SDP, which forms part of the SIP
body, is encrypted, how will RTP/RTCP ports be translated?

regards,
- sonit

> -----Original Message-----
> From: Christian Huitema [mailto:huitema@windows.microsoft.com]
> Sent: Thursday, December 05, 2002 12:54 PM
> To: Mahey, Sonit; Jonathan Rosenberg; Pete Cordell
> Cc: sip@ietf.org
> Subject: RE: [Sip] B2BUA - Security
> 
> 
> > From: Mahey, Sonit [mailto:Sonit.Mahey@icn.siemens.com]
> > Sent: Thursday, December 05, 2002 9:14 AM
> >
> > I agree with Jonathan.
> > 
> > That brings up the question:
> > Is NAT traversal for encrypted SIP traffic addressed anywhere?
> 
> There are two possibilities. If your application only uses UDP, it is
> possible to use IPv4 and STUN to find out the "outside ports" for your
> UDP traffic (check draft-ietf-midcom-stun-03.txt); you may need to use
> the "a:rtcp" convention to encode port numbers in SDP (check
> draft-ietf-mmusic-sdp4nat-03.txt). If you need to also support TCP, or
> use IPSEC, or generally do away with the complications of NAT, the best
> solution is to just move to IPv6; see Teredo
> (draft-ietf-ngtrans-shipworm-08.txt) for one possible way to carry IPv6
> across NAT, and 6to4 (RFC 3056 & 3068) for a possible way to upgrade the
> NAT and make it an IPv6 router.
> 
> -- Christian Huitema
> 
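
Added example, not part of the original thread: a sketch of the STUN approach mentioned above, in which the endpoint learns its outside RTP and RTCP mappings and writes them into the SDP itself, so the body can be encrypted without the NAT having to rewrite it. It assumes the classic STUN layout as published in RFC 3489 and the a=rtcp syntax as published in RFC 3605; the function names, addresses and ports are constructed for illustration.

```python
import socket
import struct

BINDING_RESPONSE = 0x0101   # classic STUN (RFC 3489) message type
MAPPED_ADDRESS = 0x0001     # attribute carrying the NAT's outside address

def parse_mapped_address(msg: bytes, txid: bytes):
    """Return (ip, port) from a Binding Response matching our transaction ID."""
    if len(msg) < 20:
        raise ValueError("short STUN message")
    mtype, mlen = struct.unpack("!HH", msg[:4])
    # Reject anything that is not the answer to the request we sent.
    if mtype != BINDING_RESPONSE or msg[4:20] != txid or mlen != len(msg) - 20:
        raise ValueError("unexpected STUN message")
    off = 20
    while off + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[off:off + 4])
        val = msg[off + 4:off + 4 + alen]
        if len(val) != alen:
            raise ValueError("truncated attribute")
        if atype == MAPPED_ADDRESS:
            if alen != 8 or val[1] != 0x01:          # 0x01 = IPv4 family
                raise ValueError("bad MAPPED-ADDRESS")
            return socket.inet_ntoa(val[4:8]), struct.unpack("!H", val[2:4])[0]
        off += 4 + alen
    raise ValueError("no MAPPED-ADDRESS")

def build_sdp(rtp, rtcp):
    """Audio offer advertising the outside RTP and RTCP mappings."""
    (rtp_ip, rtp_port), (rtcp_ip, rtcp_port) = rtp, rtcp
    lines = ["v=0", f"o=- 0 0 IN IP4 {rtp_ip}", "s=-", f"c=IN IP4 {rtp_ip}",
             "t=0 0", f"m=audio {rtp_port} RTP/AVP 0",
             # The RTCP mapping need not be RTP port + 1 behind a NAT.
             f"a=rtcp:{rtcp_port} IN IP4 {rtcp_ip}"]
    return "\r\n".join(lines) + "\r\n"

def sample_response(txid: bytes, ip: str, port: int) -> bytes:
    """Constructed sample input: a Binding Response as a server would send."""
    attr = struct.pack("!HHBBH", MAPPED_ADDRESS, 8, 0, 1, port) + socket.inet_aton(ip)
    return struct.pack("!HH", BINDING_RESPONSE, len(attr)) + txid + attr

if __name__ == "__main__":
    txid = bytes(range(16))                      # constructed transaction ID
    rtp = parse_mapped_address(sample_response(txid, "192.0.2.10", 40000), txid)
    rtcp = parse_mapped_address(sample_response(txid, "192.0.2.10", 40007), txid)
    print(build_sdp(rtp, rtcp))                  # this body is what gets encrypted
```
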