> Elwell, John wrote:
> > Which would be ideal, if we were sure of getting them
> > through service providers unchanged.
>
> Therein lies the conundrum with intermediate manglers like B2BUAs
> and mailing list managers, etc.

It is the conundrum for the entire Internet -- TCP 'protocol scrubbers' exist, TCP options get dropped, DSCP bits get changed, ECN bits are mangled, and Router Alert Option gets dropped. Such is the reality. I wish it weren't the reality, too.

-d

> On the one hand, you can sign very little
> and be far more successful at surviving the mangler. However, that's buying
> you very, very little since things that the manglers mangle are the very
> things that you want to protect. So why bother.
>
> An alternate approach is "you break it, you own it". That is, if you must
> break the signature, all you can do is re-sign it and hope that your own
> reputation is enough to convince the called party to accept the call. Yes,
> this is messy and unsatisfying at many levels and leaves many unanswered
> questions. But fundamentally what people are asking for here is impossible
> if you insist on b2bua manglers.
>
> Lastly, if you want e2e security the conversation needs to be... e2e. Be it
> straight over the top of the internet, through a tunnel -- however you can
> route opaque packets to and from the two ends -- that is the only way to
> have both security as well as robustness. If we'd just get over that,
> our heads would eventually stop hurting from repeatedly bashing them
> up against this brick wall.
>
> Mike

_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
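The trade-off argued in this message, as an added example that is not part of the original thread: a request is signed over a narrow or a wide set of fields, passes through an intermediary that rewrites Contact and the media address, and is then either verified as received or re-signed by the intermediary. HMAC with constructed per-domain keys stands in for the public-key signature so the code runs on the standard library alone; the field names, keys, domains and addresses are all constructed.

```python
import hashlib
import hmac

# Constructed keys; HMAC stands in for a public-key signature (stdlib only).
KEYS = {"originator.example": b"key-a", "b2bua.example": b"key-b"}
# Constructed request, reduced to the fields that matter here.
INVITE = {"from": "sip:alice@originator.example", "to": "sip:bob@example.net",
          "call-id": "constructed-1", "contact": "sip:alice@192.0.2.10",
          "body": "c=IN IP4 192.0.2.10"}
NARROW = ("from", "to", "call-id")      # sign very little
WIDE = NARROW + ("contact", "body")     # sign what you want to protect

def _tag(msg, signer, fields):
    data = "\n".join(f"{f}:{msg[f]}" for f in fields).encode()
    return hmac.new(KEYS[signer], data, hashlib.sha256).hexdigest()

def sign(msg, signer, fields):
    """Return a copy of msg signed by signer over fields, replacing any old signature."""
    sig = {"signer": signer, "fields": fields, "tag": _tag(msg, signer, fields)}
    return {**msg, "sig": sig}

def mangle(msg):
    """Constructed intermediary: rewrites Contact and the media address."""
    return {**msg, "contact": "sip:alice@198.51.100.7",
            "body": msg["body"].replace("192.0.2.10", "198.51.100.7")}

def assess(received, sent=INVITE):
    """What the called party learns: validity, who vouches, what slipped past."""
    sig = received["sig"]
    valid = hmac.compare_digest(sig["tag"], _tag(received, sig["signer"], sig["fields"]))
    changed = {f for f in sent if received[f] != sent[f]}
    return {"valid": valid, "signer": sig["signer"],
            "changed_outside_signature": sorted(changed - set(sig["fields"]))}

def scenarios():
    origin = "originator.example"
    return {
        "narrow": assess(mangle(sign(INVITE, origin, NARROW))),
        "wide": assess(mangle(sign(INVITE, origin, WIDE))),
        "re-signed": assess(sign(mangle(sign(INVITE, origin, WIDE)), "b2bua.example", WIDE)),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

The narrow signature still verifies while the rewritten Contact and body go unnoticed, the wide signature fails outright, and the re-signed request verifies only under the intermediary's identity, so acceptance rests on that party's reputation rather than the originator's.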
