Dean Willis wrote:
On Dec 10, 2008, at 6:48 PM, Cullen Jennings wrote:
Jiri, I would like to make sure I understand exactly what is broken
here. So, say some B2BUA that implements 4474, like SER is running at
iptel.org. And I have an account, say [EMAIL PROTECTED] Now my phone
is registered and sends an INVITE to SER with the From set to
"[EMAIL PROTECTED]". My understanding is SER edits the SDP then does
the 4474 signature and sends it on.
So in the case you are discussing here, what exactly is broken that
stops iptel.org from both editing SDP and doing 4474?
I'm not Jiȓi, but:
The INVITE hits the SER proxy at the terminating domain, say FWD, which
then rewrites the SDP and sends it on. The originating signature is now
broken.
Or the FWD proxy rewrites the signature, and the cert doesn't
match the domain. Broken.
One could try to find easier scenarios where only the terminating proxy
verifies (and then rewrites SDP and removes Identity), and its UASs
trust it.
It is not "universal" but in the field I found that even in such scenarios
someone still pops up who breaks the SDP before it gets to the recipient.
(even though it is under administrative control of those who have interest
in making it work). Rather than relying on a "clean SIP path" I would thus
prefer not to have to rely.
-jiri
--
Dean
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
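The breakage discussed in this thread, as an added example that is not from any of the participants: RFC 4474 signs a digest-string that includes the message body, so any hop that rewrites the SDP invalidates the originating Identity signature, while adding a Via does not. The INVITE below is constructed, the parser assumes unfolded long-form headers, and the code stops at the SHA-1 hash that the RSA signature commits to so that it needs only the standard library.

```python
import hashlib
import re

# Constructed INVITE for illustration; addresses and identifiers are made up.
INVITE = (
    "INVITE sip:bob@example.org SIP/2.0\r\n"
    "Via: SIP/2.0/TLS pc.example.com;branch=z9hG4bKconstructed\r\n"
    "From: Alice <sip:alice@example.com>;tag=1928\r\n"
    "To: Bob <sip:bob@example.org>\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Date: Thu, 11 Dec 2008 02:48:00 GMT\r\n"
    "Contact: <sip:alice@pc.example.com>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\no=alice 1 1 IN IP4 192.0.2.10\r\ns=-\r\n"
    "c=IN IP4 192.0.2.10\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0\r\n"
)

def addr_spec(value):
    """Return the URI inside <...>, or the bare URI without header params."""
    m = re.search(r"<([^>]+)>", value)
    return m.group(1) if m else value.split(";")[0].strip()

def digest_string(message):
    """Build the RFC 4474 section 9 digest-string from a raw SIP message."""
    head, _, body = message.partition("\r\n\r\n")
    hdrs = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        hdrs.setdefault(name.strip().lower(), value.strip())
    return "|".join([
        addr_spec(hdrs["from"]), addr_spec(hdrs["to"]), hdrs["call-id"],
        hdrs["cseq"], hdrs["date"], addr_spec(hdrs.get("contact", "")), body,
    ])

def signed_hash(message):
    """SHA-1 over the digest-string: the value the RSA signature commits to."""
    return hashlib.sha1(digest_string(message).encode()).hexdigest()

# A proxy adding its own Via does not touch any signed field...
via_added = INVITE.replace("Via:", "Via: SIP/2.0/TLS proxy.example.net;branch=z9hG4bKx\r\nVia:", 1)
# ...but an intermediary rewriting the SDP connection address changes the body.
sdp_rewritten = INVITE.replace("c=IN IP4 192.0.2.10", "c=IN IP4 198.51.100.7")

if __name__ == "__main__":
    for label, msg in [("original", INVITE), ("via added", via_added), ("sdp rewritten", sdp_rewritten)]:
        print(f"{label:14s} {signed_hash(msg)}")
```

A verifier recomputes this hash from the message it receives, so the rewritten-SDP case fails verification against the original Identity header regardless of who performed the rewrite.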