IETF Logo Mail Archive

RE: [Sipping] draft-camarillo-sipping-sbc-funcs-02.txt

henry@sinnreich.net Fri, 21 October 2005 17:52 UTC

Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1ET13o-0006SE-Ix; Fri, 21 Oct 2005 13:52:08 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1ET13m-0006RB-HS for sipping@megatron.ietf.org; Fri, 21 Oct 2005 13:52:06 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA21460 for <sipping@ietf.org>; Fri, 21 Oct 2005 13:51:56 -0400 (EDT)
From: henry@sinnreich.net
Message-Id: <200510211751.NAA21460@ietf.org>
Received: from xmail.bluehost.com ([70.98.111.4]) by ietf-mx.ietf.org with smtp (Exim 4.43) id 1ET1Fy-0007j9-2D for sipping@ietf.org; Fri, 21 Oct 2005 14:04:42 -0400
Received: (qmail 1826 invoked by uid 0); 21 Oct 2005 17:51:35 -0000
Received: from unknown (HELO box6.bluehost.com) (70.98.111.61) by xmail.bluehost.com with SMTP; 21 Oct 2005 17:51:35 -0000
Received: from c-24-1-136-53.hsd1.tx.comcast.net ([24.1.136.53] helo=1AB764895C324D3) by box6.bluehost.com with esmtp (Exim 4.52) id 1ET13i-0002pH-IP; Fri, 21 Oct 2005 11:52:02 -0600
To: 'Medhavi Bhatia' <mbhatia@nextone.com>, 'Arjun Roychowdhury' <arjunrc@gmail.com>
Subject: RE: [Sipping] draft-camarillo-sipping-sbc-funcs-02.txt
Date: Fri, 21 Oct 2005 12:51:55 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
In-Reply-To: <200510211734.NAA02932@dreadnought.cnchost.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Thread-Index: AcXV8C6QbMUqojAPTHqGxQoRonqDOgAVkWzgAAdJ1KAAAP5xcA==
X-PopBeforeSMTPSenders: henry@sinnreich.net
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - box6.bluehost.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
X-AntiAbuse: Sender Address Domain - sinnreich.net
X-Spam-Score: 2.9 (++)
X-Scan-Signature: ff03b0075c3fc728d7d60a15b4ee1ad2
Content-Transfer-Encoding: 7bit
Cc: 'sipping' <sipping@ietf.org>
X-BeenThere: sipping@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "SIPPING Working Group \(applications of SIP\)" <sipping.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sipping@ietf.org>
List-Help: <mailto:sipping-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sipping>, <mailto:sipping-request@ietf.org?subject=subscribe>
Sender: sipping-bounces@ietf.org
Errors-To: sipping-bounces@ietf.org

> (Consider IMS/TISPAN border elements for example)

It can be argued IMS/TISPAN are much more evil than SBC, but not on this
list :-) 

Thanks, Henry

-----Original Message-----
From: Medhavi Bhatia [mailto:mbhatia@nextone.com] 
Sent: Friday, October 21, 2005 12:34 PM
To: henry@sinnreich.net; 'Arjun Roychowdhury'
Cc: 'sipping'
Subject: RE: [Sipping] draft-camarillo-sipping-sbc-funcs-02.txt

BCP track?

I think we still need a major focus change on the draft before it becomes
more generally useful.

The intent of the draft is the right thing to do, however it is really
suggesting requirements on what needs to be done and can't be done using
standardized SIP.

Another case is the existence of similar behavior in other platforms like
prepaid for broadband (which tends to use similar NAT traversal techniques).
The case is that in some closed environments these mechanisms are seen as
valid choices to make (Consider IMS/TISPAN border elements for example).

I think the draft needs to focus on these alternate ways of doing things and
potentially point out the considerations which need to be kept in mind when
the implementers do the analysis and make a choice. It should definitely not
make a case that the analysis needs to be done only for SBCs (which is why I
think it needs a focus change).

-Medhavi.

> -----Original Message-----
> From: sipping-bounces@ietf.org [mailto:sipping-bounces@ietf.org] On Behalf
Of
> henry@sinnreich.net
> Sent: Friday, October 21, 2005 9:57 AM
> To: 'Arjun Roychowdhury'
> Cc: 'sipping'
> Subject: RE: [Sipping] draft-camarillo-sipping-sbc-funcs-02.txt
> 
> Arjun,
> 
> We need not burden the list again with a new flare-up discussing SBCs all
> over again and I apologize if I may have caused this discussion.
> 
> Let's trust the authors of the I-D to add more substance to the Security
> section and maybe deal with some of the other topics previously discussed.
> 
> This is a document that should be quickly advanced on the BCP track, since
> the topic is of high interest in the industry.
> 
> Thanks, Henry
> 
> -----Original Message-----
> From: Arjun Roychowdhury [mailto:arjunrc@gmail.com]
> Sent: Thursday, October 20, 2005 10:33 PM
> To: henry@sinnreich.net
> Cc: sipping
> Subject: Re: [Sipping] draft-camarillo-sipping-sbc-funcs-02.txt
> 
> I really feel like playing devils' advocate, since I know, deep
> inside, you really think SBCs are nice kids who just need to be 'wired
> right'. So here goes ....
> 
> It seems the only unfriendly thing an SBC does is that it modifies
> messages without the knowledge of the UAs - though this is not the
> concern - the concern is that this in turn breaks end-end protection,
> if it is used (that is the one consistent reason in all the sections).
> 
> In all fairness, I have a hard time understanding why the SBC is
> turning out to be the 'Anti-Internet'. The end-end principle of the
> Internet has always been challenged at the network layer (which has
> nothing to do with the application layer) for a long time, including
> technologies like NAT, Firewalls,ALGs, relays, split DNS and similar.
> Several RFCs talk about the realistic challenge of e-e and actually
> discuss realistic scenarios where e-e may not work (The Rise of the
> Middle and the Future of End-End - 3724)
> 
> The biggest issue seems to be 'done without knowledge' and 'end-end
> encryption' seems secondary, at least at the network layer of the
> Internet (as an example, the NAT WG suggested RSIP as an adjunct to
> NAT to make it 'friendly'). If this is the biggest problem, then the
> solution is easier - let the SBC 'tell' the UAs via some SIP mechanism
> that it is playing 'big brother'. That information could be used to
> inform the UAs 'legally' that due to network policies the outside
> world is not seeing what they are sending - and if the SBC tells them
> what the change is, then maybe the UAs can get 'smarter' in operation
> for that session. (Sorry, I am not smart enough to figure out what
> 'smarter' really means, at least for now)
> 
> 
> >
> > - If the SBC is compromised (it happens on the Internet) then what are
the
> > vulnerabilities for (1) SIP signaling and (2) RTP media streams?
> 
> This is a problem not specific to SBCs. What if the mailserver of a
> corporate domain gets compromised ? What if the backend datastore of a
> credit card company gets compromised by a web server exploit ? Same
> story.
> 
> regds
> arjun
> --
> Arjun Roychowdhury
> 
> 
> 
> _______________________________________________
> Sipping mailing list  https://www1.ietf.org/mailman/listinfo/sipping
> This list is for NEW development of the application of SIP
> Use sip-implementors@cs.columbia.edu for questions on current sip
> Use sip@ietf.org for new developments of core SIP






_______________________________________________
Sipping mailing list  https://www1.ietf.org/mailman/listinfo/sipping
This list is for NEW development of the application of SIP
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sip@ietf.org for new developments of core SIP

v2.23.0 | Report a Bug | By Email