Elwell, John wrote:
Which would be ideal, if we were sure of getting them through service
providers unchanged.
Therein lies the conundrum with intermediate manglers like B2BUAs
and mailing list managers, etc. On the one hand, you can sign very little
and be far more successful at surviving the mangler. However, that's buying
you very, very little since the things that the manglers mangle are the very
things that you want to protect. So why bother.
An alternate approach is "you break it, you own it". That is, if you must
break the signature, all you can do is resign it and hope that your own
reputation is enough to convince the called party to accept the call. Yes,
this is messy and unsatisfying at many levels and leaves many unanswered
questions. But fundamentally what people are asking for here is impossible
if you insist on b2bua manglers.
Lastly, if you want e2e security the conversation needs to be... e2e. Be it
straight over the top of the internet, through a tunnel -- however you can
route opaque packets to and from the two ends -- that is the only way to
have both security and robustness. If we'd just get over that,
our heads would eventually stop hurting from repeatedly bashing them
up against this brick wall.
Mike
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
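The tradeoff Mike describes (sign very little and survive the B2BUA, or sign what you actually want protected and have the B2BUA break and re-sign it), as an added Python model that is not from this thread and implements no real SIP identity mechanism: per-domain HMAC keys stand in for each signer's private key, and the B2BUA's rewrite of Contact and Call-ID is constructed.

```python
import hashlib
import hmac

# Constructed model (not any real SIP identity scheme): a per-domain HMAC key
# stands in for each signer's private key, and a signature covers a chosen
# set of headers. The B2BUA rewrite of Contact and Call-ID is constructed.
KEYS = {"alice.example": b"alice-key", "b2bua.example": b"b2bua-key"}
TRUSTED_RESIGNERS = {"b2bua.example"}  # callee policy for "you break it, you own it"
FEW = ("From", "To")                                  # sign very little
MUCH = ("From", "To", "Call-ID", "Contact", "Date")   # sign what you want protected

def canon(msg, fields):
    return "|".join(f"{f}:{msg[f]}" for f in fields).encode()

def sign(msg, fields, signer):
    out = dict(msg)
    out["Identity"] = hmac.new(KEYS[signer], canon(out, fields), hashlib.sha256).hexdigest()
    out["Identity-Signer"] = signer
    out["Identity-Fields"] = ",".join(fields)
    return out

def verify(msg):
    """Return (signature_valid, signer)."""
    signer = msg.get("Identity-Signer")
    if signer not in KEYS:
        return False, signer
    fields = msg["Identity-Fields"].split(",")
    expected = hmac.new(KEYS[signer], canon(msg, fields), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg["Identity"]), signer

def b2bua(msg):
    """The mangler: terminates the dialog and re-originates it on a new leg."""
    out = dict(msg)
    out["Contact"] = "<sip:b2bua.example>"
    out["Call-ID"] = "leg2@b2bua.example"
    return out

def b2bua_resign(msg, fields):
    """'You break it, you own it': the B2BUA signs the mangled request itself."""
    return sign(b2bua(msg), fields, "b2bua.example")

INVITE = {"From": "<sip:alice@alice.example>", "To": "<sip:bob@bob.example>",
          "Call-ID": "leg1@alice.example", "Contact": "<sip:alice@192.0.2.1>",
          "Date": "Thu, 01 Jan 2009 00:00:00 GMT"}  # constructed sample request

def outcomes():
    r = {}
    r["few_survives_b2bua"] = verify(b2bua(sign(INVITE, FEW, "alice.example")))[0]
    r["much_survives_b2bua"] = verify(b2bua(sign(INVITE, MUCH, "alice.example")))[0]
    ok, signer = verify(b2bua_resign(sign(INVITE, MUCH, "alice.example"), MUCH))
    r["resigned_accepted"] = ok and signer in TRUSTED_RESIGNERS
    r["resigned_attests_caller"] = signer == "alice.example"  # origin attestation lost
    return r
```

The small signature survives only because it never covered the headers the B2BUA rewrites; the re-signed request verifies, but the callee now trusts the B2BUA's reputation rather than any attestation from the caller.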