If this helps...Network Magazine just published an analysis of unified communications that summarizes the pros and cons of B2BUAs vs. SIP Proxies. http://www.networkmagazine.com/shared/article/showArticle.jhtml?articleI d=16600098&classroom= Dave -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rosen, Brian Sent: Tuesday, November 25, 2003 11:16 PM To: 'Paul Kyzivat' Cc: [EMAIL PROTECTED]; Adam Roach; [EMAIL PROTECTED]; KANUMURI Sreeram; 'Ramachandran Iyer' Subject: RE: [Sip-implementors] Question on B2BUA
Generally, I think B2BUAs are evil, but we use them when we have to. If there is a really good reason why you have to, and the B2BUA is within a trust domain with your UA, then I my concerns about authentication are small. The specific architecture I was discussing was a god-box in the middle of a network that terminates all call "legs" for the purpose of making sure that it is in control. You can make such systems work only if users don't try end to end authentication. In that case the god-box is in a different trust domain than the UA. Brian > -----Original Message----- > From: Paul Kyzivat [mailto:[EMAIL PROTECTED] > Sent: Tuesday, November 25, 2003 4:00 PM > To: Rosen, Brian > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; Adam Roach; > KANUMURI Sreeram; 'Ramachandran Iyer' > Subject: Re: [Sip-implementors] Question on B2BUA > > > > > Rosen, Brian wrote: > > [Rama] That is a given that B2BUA can be made to sit in the > middle and exert > > control and there are folks who are currently doing it. I > am not sure why is > > that going to break end-2-end security. Are you presuming > that without B2BUA > > there would have been authentication schemes and B2BUA may not. > > > > [brian]Yes, users wish to authenticate that they are > talking to their > > intended > > recipient, and a B2BUA will break such authentication, at > least one that > > works the way you suggest. > > Brian, > > As with all things having to do with B2BUAs, whether it breaks > authentication depends on lots of things. In particular, here > it depends > on your definition of "middle". > > Middle could be "close" to one or the other of the endpoints, or it > could be far from both. If a B2BUA is owned or operated on > behalf of the > user of one of the endpoints then it can potentially handle > authentication just fine. > > Paul > > _______________________________________________ > Sip-implementors mailing list [EMAIL PROTECTED] > http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors > _______________________________________________ Sip-implementors mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors _______________________________________________ Sip-implementors mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
