Re: [sipcore] Proposal for a new SIP transport (WebSocket)
Paul Kyzivat <pkyzivat@alum.mit.edu> Thu, 03 November 2011 15:14 UTC
Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: sipcore@ietfa.amsl.com
Delivered-To: sipcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4B5E1F0C96 for <sipcore@ietfa.amsl.com>; Thu, 3 Nov 2011 08:14:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.954
X-Spam-Level:
X-Spam-Status: No, score=-1.954 tagged_above=-999 required=5 tests=[AWL=-0.255, BAYES_00=-2.599, J_CHICKENPOX_24=0.6, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b6AlY+jhaR4V for <sipcore@ietfa.amsl.com>; Thu, 3 Nov 2011 08:14:58 -0700 (PDT)
Received: from qmta10.westchester.pa.mail.comcast.net (qmta10.westchester.pa.mail.comcast.net [76.96.62.17]) by ietfa.amsl.com (Postfix) with ESMTP id 0465D1F0C34 for <sipcore@ietf.org>; Thu, 3 Nov 2011 08:14:57 -0700 (PDT)
Received: from omta10.westchester.pa.mail.comcast.net ([76.96.62.28]) by qmta10.westchester.pa.mail.comcast.net with comcast id sfCD1h0060cZkys5AfEwgk; Thu, 03 Nov 2011 15:14:56 +0000
Received: from Paul-Kyzivats-MacBook-Pro.local ([24.62.109.41]) by omta10.westchester.pa.mail.comcast.net with comcast id sfEv1h02i0tdiYw3WfEwgw; Thu, 03 Nov 2011 15:14:56 +0000
Message-ID: <4EB2AFEE.9050006@alum.mit.edu>
Date: Thu, 03 Nov 2011 11:14:54 -0400
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: Iñaki Baz Castillo <ibc@aliax.net>
References: <CALiegf=_8GuvEHPR=rFA3Urtj0WxzRFQ4W=_dxkCDKZMbHL_aw@mail.gmail.com> <CALiegf=pRjgBUpLxm3e7CopwSrS8e9BekKdF5ZZEW04S29-XnA@mail.gmail.com> <4EAEE023.6010600@alum.mit.edu> <CALiegfnqsGrSVCe0OgdaH6sMW2QkXkZ_TJg0SzVTE=EY9usyLw@mail.gmail.com> <4EAEFC94.3050207@alum.mit.edu> <CALiegfk1Annk8-W8K=A8h9nEq_4Lj0neepA59-NmDRk7RLXroQ@mail.gmail.com> <4EB0060A.5020106@alum.mit.edu> <CALiegfkAeMWrpF1=GDfBm55uOOhsqGuK_gyVBrr0Pa74PyphAg@mail.gmail.com>
In-Reply-To: <CALiegfkAeMWrpF1=GDfBm55uOOhsqGuK_gyVBrr0Pa74PyphAg@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Cc: sipcore@ietf.org
Subject: Re: [sipcore] Proposal for a new SIP transport (WebSocket)
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sipcore>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Nov 2011 15:14:59 -0000
Trimming On 11/1/11 1:21 PM, Iñaki Baz Castillo wrote: >>> Ok. IMHO "sips" is just impossible to work since a proxy adding a >>> "sips" schema must use a domain in the Record-Route, and such domain >>> could resolve to multiple NAPTR/SRV/A/AAAA records, so we loose the >>> pach for in-dialog requests and that's critical when Outbound is being >>> used. However this is another history out of the scope here. >> >> Reports on problems trying to implement sips are welcome. > > Yes, sorry, let's discuss about it in a new future thread. Sounds good. >>> Let's assume that: >>> >>> - A SIP Websocket client is a real client (not a proxy or server). >>> - The spec will require Outbound so ;received and ;rport is 100% >>> useless (even more when the server cannot try the IP in >>> ;received/;rport for sending a response in case the connection is >>> closed since a WebSocket client does not listen for incoming >>> connections). >> >> I think you are saying that those are useless with outbound in general, so >> the remedy you are suggesting could be abstracted to all uses of outbound. >> Is that right? > > Well, in case of SIP over UDP/TCP/TLS usage of ;received param is > indeed useless. But in case of SIP over WebSocket is not just useless > but also dangerous as it reveals to the WS client the IP of a possible > TCP/HTTP load-balancer before the WebSocket SIP server. Such internal > IP is hidden for the WS client during the WebSocket handshake (an HTTP > GET request + 101 response). I'll respond below. >>> So IMHO it's clear that ;received is useless in SIP over WebSocket, >>> and it can reveal server internal infrastructure to the client. So, >>> what can we do here? IMHO the SIP WebSocket server/proxy should be >>> able not to set the ;received param given the above rationale. >> >> Why is this internal structure more important to hide in the websocket case >> than in other cases? Is this just for the paranoid? > > I'm not involved in HTTP scenarios but I got some interesting replies > about this subject in Hyby WG (WebSocket WG): > > http://www.ietf.org/mail-archive/web/hybi/current/msg09091.html > > Some text in that thread: > ------------------------------ > Yes, the problem comes from the fact that a protocol that is used across > a number of intermediaries would suddenly transport sensible information. > Internal IP addresses *are* sensible information to a number of companies. > Whether this makes sense or not is not our problem, these companies don't > want their internal networks to be unveiled to outers and they have their > reasons for this. Now if your usual WS server emits its address in every > response and the reverse-proxy that is placed in front of it does not > change it, all of your clients will get this information they don't need. > >> BTW it would be really great a simple "Connection-Source" header in >> the HTTP 101 response during the WS handshake. Examples: >> >> Connetion-Source: 34.67.123.94:26745 >> >> Connection-Source: [20a:12::3dde:190:ed5]:19443 > > Same problem, you'll divulgate the IP:port of the reverse-proxy to clients > and the number of reverse-proxies. It can even be used by attackers to > detect that they managed to crash one of them because after a specific > request, they use another one. > > An HTTP chain very commonly involves these components : > > [client]----[proxy]-------//// net ////-------[rproxy]------[server] > > The proxy commonly is on the client's network in enterprises, or at > the ISP's for home or mobile users. The "net" may involve a number of > transparent intermediaries, but that's not that much common though. > The reverse proxy (rproxy) generally is on the server side. It's in > fact common to see a long chain of many of them. 3-5 are not uncommon > these days, though some of them may be transparent. I have not even > represented NAT devices such as firewalls or some L4 load balancers > which often don't rewrite the source IP but change the source port. This above seems to describe exactly the same issues that I hear advanced as reasons for topology hiding in SIP. Hadriel - can you confirm that? >> One of the justifications for SBCs is so that they can do "topology hiding". >> Are you just asking for a special case of this? > > Well, IMHO "topolgy hiding" means that the SBC hides leg-A details into leg-B. > What I'm suggesting is that the server (the SIP WebSocket server) > should not reveal to the client sensible information about internal IP > addresses of the provider TCP/HTTP load-balancers located in server > side. IMHO the thread above (the link) justifies that with good > rationale. I don't think its leg-A vs. leg-B. Rather its potentially anywhere there is an administrative boundary where one side doesn't trust the other side. > However I don't think that omitting the ;received stuff in the SIP > WebSocket server is something critical. As said before, ;received is > useless in SIP over WebSocket: it's a connection oriented protocol so > responses are sent using the same connection, and in case such > connection is closed responses cannot be sent to the WS client since > the WS client does not liste for incoming connections. The same occurs > with SIP TCP natted clients, but in this last case revealing the > ;received IP is not a risk. IMO this isn't something that it makes sense to deal with piecemeal. If a case can be made that this sort of privacy is important enough to introduce architectural changes in protocols, then we should be talking about that in general. (But I suspect this will continue to be politically incorrect.) Thanks, Paul
- Re: [sipcore] Proposal for a new SIP transport (W… Paul Kyzivat
- Re: [sipcore] Proposal for a new SIP transport (W… Hadriel Kaplan
- Re: [sipcore] Proposal for a new SIP transport (W… Iñaki Baz Castillo
- Re: [sipcore] Proposal for a new SIP transport (W… Iñaki Baz Castillo
- Re: [sipcore] Proposal for a new SIP transport (W… Iñaki Baz Castillo
- [sipcore] Proposal for a new SIP transport (WebSo… Iñaki Baz Castillo
- Re: [sipcore] Proposal for a new SIP transport (W… Iñaki Baz Castillo
- Re: [sipcore] Proposal for a new SIP transport (W… Hadriel Kaplan
- Re: [sipcore] Proposal for a new SIP transport (W… Iñaki Baz Castillo
- Re: [sipcore] Proposal for a new SIP transport (W… Paul Kyzivat
- Re: [sipcore] Proposal for a new SIP transport (W… Salvatore Loreto
- Re: [sipcore] Proposal for a new SIP transport (W… Hadriel Kaplan
- Re: [sipcore] Proposal for a new SIP transport (W… Iñaki Baz Castillo
- Re: [sipcore] Proposal for a new SIP transport (W… Worley, Dale R (Dale)
- Re: [sipcore] Proposal for a new SIP transport (W… Hadriel Kaplan
- Re: [sipcore] Proposal for a new SIP transport (W… Iñaki Baz Castillo
- Re: [sipcore] Proposal for a new SIP transport (W… Hadriel Kaplan
- Re: [sipcore] Proposal for a new SIP transport (W… Paul Kyzivat
- Re: [sipcore] Proposal for a new SIP transport (W… Iñaki Baz Castillo
- Re: [sipcore] Proposal for a new SIP transport (W… Iñaki Baz Castillo
- Re: [sipcore] Proposal for a new SIP transport (W… Vijay K. Gurbani
- Re: [sipcore] Proposal for a new SIP transport (W… Iñaki Baz Castillo
- Re: [sipcore] Proposal for a new SIP transport (W… Paul Kyzivat
- Re: [sipcore] Proposal for a new SIP transport (W… Iñaki Baz Castillo
- Re: [sipcore] Proposal for a new SIP transport (W… Ravindran Parthasarathi
- Re: [sipcore] Proposal for a new SIP transport (W… Ravindran Parthasarathi
- Re: [sipcore] Proposal for a new SIP transport (W… Paul Kyzivat
- Re: [sipcore] Proposal for a new SIP transport (W… Iñaki Baz Castillo
- Re: [sipcore] Proposal for a new SIP transport (W… Victor Pascual Avila
- Re: [sipcore] Proposal for a new SIP transport (W… Avasarala, Ranjit
- Re: [sipcore] Proposal for a new SIP transport (W… Iñaki Baz Castillo
- Re: [sipcore] Proposal for a new SIP transport (W… Marc Petit-Huguenin
- Re: [sipcore] Proposal for a new SIP transport (W… Iñaki Baz Castillo
- Re: [sipcore] Proposal for a new SIP transport (W… Avasarala, Ranjit
- Re: [sipcore] Proposal for a new SIP transport (W… Iñaki Baz Castillo
- Re: [sipcore] Proposal for a new SIP transport (W… Cullen Jennings
- Re: [sipcore] Proposal for a new SIP transport (W… Iñaki Baz Castillo
- Re: [sipcore] Proposal for a new SIP transport (W… Richard L. Barnes