> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Adam Roach > Sent: Tuesday, July 08, 2008 3:41 PM > To: Hadriel Kaplan > Cc: [email protected]; Michael Thomas > Subject: Re: [Sip] Signing P-Asserted-Identity > > On 7/8/08 3:18 PM, Hadriel Kaplan wrote: > > 2) 4474 signs things which many real-world cases will break > the signature of, and thus has a deployment problem (whether > that's fixable, or by design, is another topic of debate). > But that's another elephant in the room, or maybe a lion, > smaller but hairy. > > > > In theory, you're talking about To, From, Call-ID, CSeq, > Date, Contact, > and the request body. Proxies aren't allowed to change those > (with the > exception of To and From, which are done only in the context > of 4474 and > RFC 4916), and user agents set them before the 4474 signature > goes on them. > > In practice, the elephant in your elephant (or small hairy > predator) is > the body. You're talking about SBCs, and the thing that SBCs want to > change that breaks RFC 4474 is the body. And that was kind of a > necessary hack back before user agents did much in the way of NAT and > firewall traversal. But any real, commercial user agent I've > played with > in the past five years or so has at least rudimentary support in this > area, such that body tweaking is mostly unnecessary.
Hadriel tried to carefully explain why SBCs change the body in draft-kaplan-sip-uris-change-00.txt. It isn't because of NAT. Please read draft-kaplan-sip-uris-change-00.txt. -d > In other words: there's a better solution than body mangling, > and it's > supported by most modern SIP clients. Let's not gut 4474 to > maintain our > older, broken network architectures. > > /a > _______________________________________________ > Sip mailing list https://www.ietf.org/mailman/listinfo/sip > This list is for NEW development of the core SIP Protocol > Use [EMAIL PROTECTED] for questions on current sip > Use [EMAIL PROTECTED] for new developments on the application of sip _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
