IETF Logo Mail Archive

Re: [splices] SIP INVOKE method

"Shekh-Yusef, Rifaat (Rifaat)" <rifatyu@avaya.com> Wed, 18 May 2011 13:26 UTC

Return-Path: <rifatyu@avaya.com>
X-Original-To: splices@ietfa.amsl.com
Delivered-To: splices@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFF2BE06C0 for <splices@ietfa.amsl.com>; Wed, 18 May 2011 06:26:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.432
X-Spam-Level:
X-Spam-Status: No, score=-3.432 tagged_above=-999 required=5 tests=[AWL=0.167, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sMhN7VRtbu24 for <splices@ietfa.amsl.com>; Wed, 18 May 2011 06:26:07 -0700 (PDT)
Received: from de307622-de-outbound.net.avaya.com (de307622-de-outbound.net.avaya.com [198.152.71.100]) by ietfa.amsl.com (Postfix) with ESMTP id B0473E06BD for <splices@ietf.org>; Wed, 18 May 2011 06:26:06 -0700 (PDT)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AiABAJjI002HCzI1/2dsb2JhbACXTI5Md6whAptLhhkElF2KRQ
X-IronPort-AV: E=Sophos;i="4.65,231,1304308800"; d="scan'208";a="247031203"
Received: from unknown (HELO p-us1-erheast.us1.avaya.com) ([135.11.50.53]) by de307622-de-outbound.net.avaya.com with ESMTP; 18 May 2011 09:25:57 -0400
X-IronPort-AV: E=Sophos;i="4.65,231,1304308800"; d="scan'208";a="653337535"
Received: from dc-us1hcex2.us1.avaya.com (HELO DC-US1HCEX2.global.avaya.com) ([135.11.52.21]) by p-us1-erheast-out.us1.avaya.com with ESMTP; 18 May 2011 09:25:36 -0400
Received: from DC-US1MBEX4.global.avaya.com ([169.254.2.201]) by DC-US1HCEX2.global.avaya.com ([::1]) with mapi; Wed, 18 May 2011 09:25:36 -0400
From: "Shekh-Yusef, Rifaat (Rifaat)" <rifatyu@avaya.com>
To: Paul Kyzivat <pkyzivat@cisco.com>
Date: Wed, 18 May 2011 09:25:35 -0400
Thread-Topic: [splices] SIP INVOKE method
Thread-Index: AcwVW0WMIcLzebK1RGWHDTXEYztIagAAEYnQ
Message-ID: <6369CB70BFD88942B9705AC1E639A33822CBE5C465@DC-US1MBEX4.global.avaya.com>
References: <6369CB70BFD88942B9705AC1E639A33822CBDA8EBF@DC-US1MBEX4.global.avaya.com> <BANLkTinLjrS3DocT=_MbnDrHdoTLs7RuhQ@mail.gmail.com> <6369CB70BFD88942B9705AC1E639A33822CBDA9548@DC-US1MBEX4.global.avaya.com> <4DD2C7BF.1030000@cisco.com> <6369CB70BFD88942B9705AC1E639A33822CBE5C339@DC-US1MBEX4.global.avaya.com> <4DD3C26A.9050705@cisco.com>
In-Reply-To: <4DD3C26A.9050705@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "splices@ietf.org" <splices@ietf.org>
Subject: Re: [splices] SIP INVOKE method
X-BeenThere: splices@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Loosely-coupled SIP Devices \(splices\) working group discussion list" <splices.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/splices>, <mailto:splices-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/splices>
List-Post: <mailto:splices@ietf.org>
List-Help: <mailto:splices-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/splices>, <mailto:splices-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 May 2011 13:26:07 -0000

Paul,

I am not talking about any intermediary, but about application servers on the call path in an enterprise.
Some application servers might be interested in a specific action to push application to the phone.
I agree that strong security is required and we are asking the client to only allow authorized users to invoke an action by challenging the INVOKE-Issuer.

Regards,
 Rifaat

> -----Original Message-----
> From: Paul Kyzivat [mailto:pkyzivat@cisco.com]
> Sent: Wednesday, May 18, 2011 8:58 AM
> To: Shekh-Yusef, Rifaat (Rifaat)
> Cc: splices@ietf.org
> Subject: Re: [splices] SIP INVOKE method
> 
> 
> 
> On 5/18/2011 7:29 AM, Shekh-Yusef, Rifaat (Rifaat) wrote:
> > Hi Paul,
> >
> > I think that the main reason for using Headers for actions and parameters is
> to allow for proxy applications on the call path to recognize the requested
> action, as some UAs might encrypt the body part.
> 
> Hmm. That seems to me to be more reason to use a body part!
> 
> What possible reason would an intermediary have for snooping into these
> actions?
> 
> Note that this functionality is *very* sensitive - in the wrong hands
> this stuff can do great damage. I predict that there will be a lot of
> demand for very strong security considerations. Putting the action in a
> body and encrypting it might be a good approach.
> 
> 	Thanks,
> 	Paul
> 
> > Regards,
> >   Rifaat
> >
> >
> >> -----Original Message-----
> >> From: splices-bounces@ietf.org [mailto:splices-bounces@ietf.org] On Behalf
> Of
> >> Paul Kyzivat
> >> Sent: Tuesday, May 17, 2011 3:09 PM
> >> To: splices@ietf.org
> >> Subject: Re: [splices] SIP INVOKE method
> >>
> >>
> >>
> >> On 5/17/2011 2:20 PM, Shekh-Yusef, Rifaat (Rifaat) wrote:
> >>
> >>> Yes, and I have the following open question about these parameters:
> >>> Should a separate header be defined for action parameters?
> >>
> >> I can be convinced otherwise (by a good justification), but I'm inclined
> >> toward describing the action and any parameters in a body part.
> >>
> >> 	Thanks,
> >> 	Paul
> >> _______________________________________________
> >> splices mailing list
> >> splices@ietf.org
> >> https://www.ietf.org/mailman/listinfo/splices
> >

v2.23.0 | Report a Bug | By Email