Re: [sipcore] draft-kaplan-sip-session-id-02
<Martin.Huelsemann@telekom.de> Mon, 20 July 2009 15:40 UTC
Return-Path: <Martin.Huelsemann@telekom.de>
X-Original-To: sipcore@core3.amsl.com
Delivered-To: sipcore@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 785E33A6D75 for <sipcore@core3.amsl.com>; Mon, 20 Jul 2009 08:40:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.249
X-Spam-Level:
X-Spam-Status: No, score=-3.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 969Vv8gpTn0S for <sipcore@core3.amsl.com>; Mon, 20 Jul 2009 08:40:54 -0700 (PDT)
Received: from tcmail83.telekom.de (tcmail83.telekom.de [62.225.183.131]) by core3.amsl.com (Postfix) with ESMTP id 2A0753A6C79 for <sipcore@ietf.org>; Mon, 20 Jul 2009 08:40:53 -0700 (PDT)
Received: from s4de9jsaanm.mgb.telekom.de (HELO S4DE9JSAANM.ost.t-com.de) ([10.125.177.122]) by tcmail81.telekom.de with ESMTP; 20 Jul 2009 17:40:47 +0200
Received: from S4DE9JSAAIL.ost.t-com.de ([10.125.177.200]) by S4DE9JSAANM.ost.t-com.de with Microsoft SMTPSVC(6.0.3790.3959); Mon, 20 Jul 2009 17:40:47 +0200
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.5
Date: Mon, 20 Jul 2009 17:40:46 +0200
Message-ID: <BABF50A5EDD33C42A96DA535F1C8AA8001ED24D0@S4DE9JSAAIL.ost.t-com.de>
In-Reply-To: <E6C2E8958BA59A4FB960963D475F7AC3196CEBC847@mail>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [sipcore] draft-kaplan-sip-session-id-02
Thread-Index: AcoIqtSPtz9zA6BtTM6gsU7oe1O8AwAJuwTQAB4q6xA=
References: <1245876685.3748.61.camel@victoria-pingtel-com.us.nortel.com><C6A11A02FF1FBF438477BB38132E474104B236BB@EITO-MBX02.internal.vodafone.com><40FB0FFB97588246A1BEFB05759DC8A00330040F@S4DE9JSAANI.ost.t-com.de><C6A11A02FF1FBF438477BB38132E474104B23BFB@EITO-MBX02.internal.vodafone.com><E6C2E8958BA59A4FB960963D475F7AC3196C795F9B@mail><1247883283.4025.2.camel@victoria-pingtel-com.us.nortel.com> <E6C2E8958BA59A4FB960963D475F7AC3196CEBC847@mail>
From: Martin.Huelsemann@telekom.de
To: HKaplan@acmepacket.com, dworley@nortel.com, sipcore@ietf.org
X-OriginalArrivalTime: 20 Jul 2009 15:40:47.0056 (UTC) FILETIME=[73567500:01CA0950]
Subject: Re: [sipcore] draft-kaplan-sip-session-id-02
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sipcore>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jul 2009 15:40:57 -0000
Hi Hadriel, what could be the solution for the case that there is a concatenation of full B2BUAs? E.g. there are several App Servers, and the application is targetting the last App Server in the signalling path or respectively needs to match a certain dialog at this AS. I think even a secure-call-id won't be successfull here? BR, Martin > -----Ursprüngliche Nachricht----- > Von: sipcore-bounces@ietf.org > [mailto:sipcore-bounces@ietf.org] Im Auftrag von Hadriel Kaplan > Gesendet: Montag, 20. Juli 2009 02:54 > An: Dale Worley; sipcore@ietf.org > Betreff: Re: [sipcore] draft-kaplan-sip-session-id-02 > > Hi Dale, > The thing is they're really trying to solve different things, > though I know I didn't do a good job explaining it at the > last WG meeting. :( > > The secure-call-id is trying to provide a real Call-ID value > which middleboxes won't change - for middleboxes that change > it for the specific purpose of privacy or topology-hiding. > And by that I mean a real Call-ID: useful for dialog > matching, the dialog-events package, and any of the things a > Call-ID value is used in (there are many, as you know). > > People put Call-ID values in all sorts of things, and expect > it to work end-to-end, and are "surprised" when something in > the middle changed them. So secure-call-id is trying to > provide a Call-ID that won't be changed by those middleboxes. > It *will* still be changed by other B2BUA's, for example > many IP-PBX's and App Servers change the Call-ID, and will > continue doing so. It's ok that they do - most of the > applications which use Call-ID's are targeted to those > IP-PBXs/App-Servers, and they have some other reasons for > changing them. > > Session-ID is for something different: a session identifier > which crosses any form of middlebox including real/full > B2BUA's, but is not used for the dialog-matching type things > a Call-ID is used for. When I tried to use it for some of > those other things, I got feedback with concern that it was > subverting the Call-ID mechanism - if a B2BUA changed the > Call-ID then it was unwise of me to try to second-guess it > and bypass its replacement. I agreed with that concern, so > Session-ID is for troubleshooting purposes only at this time. > > So the two mechanisms are not at odds, nor are they > alternatives for the same thing. > > A middlebox which replaces Call-ID's *does* know if it's a > secure-call-id. If it has no '@', and no IP Addr/hostname > format in it, it's sufficiently benign to not change. > > -hadriel > > > -----Original Message----- > > From: sipcore-bounces@ietf.org [mailto:sipcore-bounces@ietf.org] On > > Behalf Of Dale Worley > > > > The Session-Id has a tremendous advantage over the "secure > Call-Id": > > In a system that is not tightly managed by a central authority, > > middleboxes have no way of knowing whether a UA is > generating "secure > > Call-Ids" or not. So they must replace all Call-Ids, > subverting the > > UAs that are generating secure Call-Ids. But (absent malice on the > > part of UAs), Session-Ids are known to be secure, and > middleboxes know > > not to replace them. So I think we should deprecate > > draft-kaplan-sip-secure-call-id in favor of > draft-kaplan-sip-session-id. > > > > Dale > > _______________________________________________ > sipcore mailing list > sipcore@ietf.org > https://www.ietf.org/mailman/listinfo/sipcore >
- [sipcore] draft-kaplan-sip-session-id-02 Dale Worley
- Re: [sipcore] draft-kaplan-sip-session-id-02 Dawes, Peter, VF-Group
- Re: [sipcore] draft-kaplan-sip-session-id-02 L.Liess
- Re: [sipcore] draft-kaplan-sip-session-id-02 Dawes, Peter, VF-Group
- Re: [sipcore] draft-kaplan-sip-session-id-02 L.Liess
- Re: [sipcore] draft-kaplan-sip-session-id-02 Hadriel Kaplan
- Re: [sipcore] draft-kaplan-sip-session-id-02 Hadriel Kaplan
- Re: [sipcore] draft-kaplan-sip-session-id-02 Hadriel Kaplan
- Re: [sipcore] draft-kaplan-sip-session-id-02 Dale Worley
- Re: [sipcore] draft-kaplan-sip-session-id-02 Hadriel Kaplan
- Re: [sipcore] draft-kaplan-sip-session-id-02 Martin.Huelsemann
- Re: [sipcore] draft-kaplan-sip-session-id-02 Hadriel Kaplan
- Re: [sipcore] draft-kaplan-sip-session-id-02 Martin.Huelsemann
- Re: [sipcore] draft-kaplan-sip-session-id-02 Dale Worley
- Re: [sipcore] draft-kaplan-sip-session-id-02 Hadriel Kaplan
- Re: [sipcore] draft-kaplan-sip-session-id-02 Dale Worley
- Re: [sipcore] draft-kaplan-sip-session-id-02 Gonzalo Camarillo
- Re: [sipcore] draft-kaplan-sip-session-id-02 L.Liess