At Fri, 01 Aug 2008 12:16:36 -0400,
Paul Kyzivat wrote:
> 
> What if the SBC did the following:
> 
> - made whatever changes it wants to make to the incoming
>    request to derive the message it wants to send.
> 
> - calculated the reverse diff that transforms its modified
>    message into the message it received.
> 
> - affixed the reverse diff to the new message as another
>    body part.
> 
> - signed the whole thing as itself.
> 
> - sent it on.
> 
> When the UAS receives this, it first validates the signature and decides 
> if it trusts the signer.
> 
> If so, it may then use the reverse diff to reconstruct the unmodified 
> message. It can then validate any signature that it may contain to verify 
> the actual caller. This can of course be applied recursively.
> 
> At any stage it can just decide to trust any assertions made by the 
> intermediary.

The problem I see with this approach is that it then requires the
UAS to make fairly sophisticated decisions about what changes are
OK and what are not. If we can't make those judgements here in
the SIP WG, I don't see how implementors can be expected to.

-Ekr
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
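
The reverse-diff scheme proposed in the quoted message, sketched as an added example (not code from the thread or from any SIP implementation). HMAC with constructed keys stands in for real signatures, and the JSON envelope, function names and sample INVITE are all assumptions.

```python
import difflib, hashlib, hmac, json

# Assumption: HMAC with constructed per-signer keys stands in for real signatures.
KEYS = {"caller": b"constructed-caller-key", "sbc": b"constructed-sbc-key"}

def sign(who, text):
    return hmac.new(KEYS[who], text.encode(), hashlib.sha256).hexdigest()

def reverse_diff(modified, received):
    """Line edits that turn the SBC's modified message back into what it received."""
    sm = difflib.SequenceMatcher(a=modified, b=received, autojunk=False)
    return [[i1, i2, received[j1:j2]]
            for tag, i1, i2, j1, j2 in sm.get_opcodes() if tag != "equal"]

def apply_diff(lines, diff):
    out = list(lines)
    for i1, i2, repl in sorted(diff, reverse=True):  # back to front keeps indexes valid
        out[i1:i2] = repl
    return out

def sbc_forward(received, caller_sig, rewrite):
    modified = [rewrite(line) for line in received]
    blob = json.dumps({"lines": modified, "inner_sig": caller_sig,
                       "rdiff": reverse_diff(modified, received)}, sort_keys=True)
    return blob, sign("sbc", blob)  # the SBC signs the whole thing as itself

def uas_receive(blob, sbc_sig):
    if not hmac.compare_digest(sign("sbc", blob), sbc_sig):
        raise ValueError("intermediary signature invalid")
    part = json.loads(blob)
    original = apply_diff(part["lines"], part["rdiff"])
    caller_ok = hmac.compare_digest(sign("caller", "\r\n".join(original)), part["inner_sig"])
    # Every entry here is a change the UAS must decide to accept or reject.
    changed = [(part["lines"][i1:i2], repl) for i1, i2, repl in part["rdiff"]]
    return original, caller_ok, changed

# Constructed sample request (documentation addresses only).
INVITE = ["INVITE sip:bob@example.net SIP/2.0",
          "From: <sip:alice@example.com>;tag=1",
          "Contact: <sip:alice@192.0.2.10>",
          "",
          "c=IN IP4 192.0.2.10",
          "m=audio 49170 RTP/AVP 0"]

def demo():
    caller_sig = sign("caller", "\r\n".join(INVITE))
    blob, sbc_sig = sbc_forward(INVITE, caller_sig,
                                lambda l: l.replace("192.0.2.10", "198.51.100.5"))
    return uas_receive(blob, sbc_sig)
```

Both signatures verify here, yet `changed` still comes back with two rewritten lines: the signatures establish who made each edit, and the decision about whether those edits are acceptable is left to the UAS, which is the concern raised in the reply.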