On Oct 31, 2008, at 8:03 AM, Iñaki Baz Castillo wrote:
2008/10/31 Michael Procter <[EMAIL PROTECTED]>:
Shall DERIVE be extended to support non-INVITE requests (e.g. MESSAGE)
I'm not sure it can. RFC4235 is defined for INVITE-initiated dialog
usages only. Yes, it could be extended, but I'm not convinced that is
necessarily the best way forward from here!
Also note that MESSAGE doesn't establish a dialog, it's just an
independent transaction.
So we're asking "Is this from you" rather than "Did you initiate this
dialog"?
It still seems like it might be a useful thing to know. Of course,
this argues that 42325 may be the wrong basis.
Now, if we'd just made SIP work with opposing pairs of two-way
transactions for everything, instead of singular two and three-way
transactions, we could build confirmation options into everything. But
we didn't.
Now, from a security perspective: Who's done the analysis on whether
DERIVE introduces new attack opportunities?
For example, is there a DOS opportunity in using the home proxy as a
message-exploder for source-forged SUBSCRIBE requests? Seems like there
might be a problem there . . .
--
Dean
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip