Just to note that the SIP working group has been round the response problem
once already and failed to find an acceptable solution.
By all means put some new ideas in a draft, but please ready the previous SIP
working group proceedings and mailing list discussions concerning this issue
before submitting, and take these into account.
Regards
Keith
________________________________
From: ji ma [mailto:[EMAIL PROTECTED]
Sent: Monday, July 30, 2007 12:15 PM
To: Elwell, John; [email protected]
Subject: RE: [Sip]RFC4916:the usage of connected identity in interdomain
"Elwell, John" <[EMAIL PROTECTED]> 写道:
Ma Ji,
See below.
John
> -----Original Message-----
> From: ji ma [mailto:[EMAIL PROTECTED]
> Sent: 30 July 2007 09:28
> To: [email protected]
> Subject: [Sip]RFC4916:the usage of connected identity in
interdomain
>
> Hi folks:
>
> I have some questions after reading RFC4916, which
> descibes a solution of ensuring the identity of the UA that
> sends backward request after a dialog has formed. As far as
> I'm concerned, this specification is a supplement of RFC4474,
> which can only provide the validaty of the UA sending the
> request. However, RFC4916's 2 examples regarding to the its
> desciption only illustrate how to convey connected identity
> in an assumption that the caller and callee are in the same
> domain (example.com in particular), by using UPDATE messages
> which renew the From field of the sender. So my question is,
> can this specification resolve the authentication of the
> connected identity regarding to the scenories where the
> caller and callee are in different domains?
> [Considering RFC4474, the authenticator will not be the
> responsible proxy for the request that contains a From field
> ([EMAIL PROTECTED]) that is different from its real
> identity ([EMAIL PROTECTED]) ]
[JRE] Although the examples show only a single domain, the RFC
is equally applicable when caller and callee are in different domains. Each
domain will provide its own authentication service.
>
> Another doubt I'm concerning about, is the content of
> last two paragraphs in page 3 of RFC4916, which is said as
below:
>
> The provision of the identity of the responder in a response
> (commonly called "response identity") is outside the scope of
this
> document.
>
> Note that even if identity were to be conveyed somehow in a
> response, there would in general be difficulty
> authenticating the
> UAS. Providing identity in a separate request allows normal
> authentication techniques to be used.
>
>
> I can't understand why it's difficult to authenticate
> response messages as I thought it could be authenticated in a
> way like the request it responses to(I don't know how much
> different in the process it should be regarding request and
> response) .So what's special for response?
[JRE] SIP digest authentication is only specified for requests.
In particular, there is no mechanism for challenging a response.
>
> Regards,
> Ma Ji
Thanks for reminding. When using connected identity,the sender has no
reason to use the previous identity the same as the From URI of the request,
who sends UPDATE which contains the new identity of the sender.
More, I deliberate that authenticating the validaty of the receiver in
a response(that means the To header) is also required, and so far I has not see
any draft nor maillist discussing it(maybe I missed), considering the current
mechanism is not enough for such issue, I thing there should be some effort to
be put to take this aspect into account.
Regards,
Ma Ji
________________________________
抢注雅虎免费邮箱3.5G容量,20M附件! <http://cn.mail.yahoo.com>
_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
