Jun,
Responses inline below:
Wayne,
Thanks for your reply.
By the way, I have got one more question regarding your replay.
The scenario I have mentioned is only possible with a help of the stateful
proxy. That was what you explained, wasn't it ?
Wayne: Your questions was basically "can a user CANCEL a session which it
is not participating in" the short answer is NO it can not. In an attempt
for completeness I said that a stateful Proxy that is participating in the
signalling can CANCEL a proceeding session. By your query I would not
categorise a stateful proxy as a *user* and so you can think of this
exception as a special case.
Supposing that all the users are just UAs, then no one - except the two
parties involved the transaction - can cancel the transaction of other
parties because no one knows Call-Id, CSeq, etc.
Wayne: Yes, a CANCEL is a request within a dialog and as such it needs to
be formatted correctly including Call-Id and Cseq so that the UAS can match
and process it. Another user UA would not know this information and
therefore could not correctly form a valid CANCEL request. To gain the
dialog info for the purpose of correctly forming the CANCEL request could
be considered another kind of wrong. Also it is not "the two parties
involved in the transaction" that can CANCEL, it is the UAC from the point
of view of the INVITE transaction - the UAS can not CANCEL the transaction.
The changed scenario is;
User A User B User C
Stateful Proxy
----------INVITE----------->
<--------100/180------------
* <--------CANCEL (A<->B) : IMPOSSIBLE! ------ *
<---------CANCEL : POSSIBLE-------------------------------------------
Wayne: I think this ladder diagram may not have turned out 100%. The
stateful proxy needs to be participating in the signalling between UserA
and UserB (it doesn't seem to be drawn that way) if so - yes as stated
above it can CANCEL this transaction. Showing the CANCEL request from UserC
would fail is also correct (481 error code or other).
Regards - Wayne
Regards,
Jun
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 25, 2005 4:10 PM
To: Hyoungjoon Park
Cc: [email protected];
[EMAIL PROTECTED]
Subject: Re: [Sip-implementors] Canceling INVITE transcation by other party
Jun,
Please see response inline.
Hi,
I wonder if a user's INVITE transaction can be cancelled by other user. The
scenario is as follows;
User A User B User C
----------INVITE----------->
<--------100/180------------
<----------To cancel the transaction----------
----------CANCEL---------->
<--------200 OK-------------
The Question is that whether the user C is able to cancel the transaction
between the user A and B.
Wayne: I think it is possible but it is wrong for another user to do it, l
ike a MITM attack. But CANCEL is hop by hop so a stateful proxy may CANCEL
a
request which is legit.
What kind of method can be used ? Would it be a REFER with method=cancel or
just CANCEL ?
Wayne: Just CANCEL
By the way, I'm really wondering if the scenario makes sense actually.
Wayne: The question makes sense, I am in doubt on the scenario though.
Regards,
Jun
Regards - Wayne
**********************************************************************
Any personal or sensitive information contained in this email and
attachments must be handled in accordance with the Victorian Information
Privacy Act 2000, the Health Records Act 2001 or the Privacy Act 1988
(Commonwealth), as applicable.
This email, including all attachments, is confidential. If you are not the
intended recipient, you must not disclose, distribute, copy or use the
information contained in this email or attachments. Any confidentiality or
privilege is not waived or lost because this email has been sent to you in
error. If you have received it in error, please let us know by reply
email,
delete it from your system and destroy any copies.
**********************************************************************
**********************************************************************
Any personal or sensitive information contained in this email and
attachments must be handled in accordance with the Victorian Information
Privacy Act 2000, the Health Records Act 2001 or the Privacy Act 1988
(Commonwealth), as applicable.
This email, including all attachments, is confidential. If you are not the
intended recipient, you must not disclose, distribute, copy or use the
information contained in this email or attachments. Any confidentiality or
privilege is not waived or lost because this email has been sent to you in
error. If you have received it in error, please let us know by reply
email, delete it from your system and destroy any copies.
**********************************************************************
_______________________________________________
Sip-implementors mailing list
[email protected]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
