What would you do if the SIP response's signature was invalid? A SIP response can't be rejected. For example, you can't tell the responder that it needs to send the response again with a new signature if the signature it sent had an error or was stale. And the verifier of the identity signature may not be the UAC, but rather a proxy, so it can't drop that response. And besides the original request may have gotten forked, with multiple responses, or the responses could have been merged by a downstream proxy, which makes it even more complicated. And the original request may have gotten forwarded to a different (legitimate) target, but then that new target couldn't sign the From URI without changing it, and that was also more complicated due to backwards-compatibility issues (it's done in RFC 4916).
-hadriel > -----Original Message----- > From: sip-implementors-boun...@lists.cs.columbia.edu [mailto:sip- > implementors-boun...@lists.cs.columbia.edu] On Behalf Of Couret Tabt > Sent: Wednesday, May 05, 2010 7:57 AM > To: sip-implementors@lists.cs.columbia.edu > Subject: [Sip-implementors] Why are SIP Responses out of scope in SIP > Identity (RFC4474)? > > Dear folks, > > In RFC4474, there is the sentence below (at page 5): > Note that the scope of this document is limited to providing this > identity assurance for SIP requests; solving this problem for SIP > responses is more complicated and is a subject for future work. > > What does a key word 'complicated' in this sentence means? > In other words, why RFC4474 is limited for SIP requests? > > If RFC4474 was applied for SIP responses, what cannot we do? > > If you have any answers about the above question, please let me know. > > Thanks, > Tabt > _______________________________________________ > Sip-implementors mailing list > Sip-implementors@lists.cs.columbia.edu > https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors _______________________________________________ Sip-implementors mailing list Sip-implementors@lists.cs.columbia.edu https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
