Explores how a Home Network can direct an INVITE through an FCP on a visited network, the proposed "Path" header as an alternative to DNS mapping, and open concerns about header naming, manipulation by intermediate proxies, and transparency.
PATH Open Issues
Dean Willis
SIP WG, IETF 53
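Scenario [Figure: network diagram with I, FCP, UA1, FireWall, P, R and UA2 across VisitedNet and HomeNet]
REGISTER Path [Figure: the same diagram showing the REGISTER path]
INVITE Path [Figure: the same diagram showing the INVITE path]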

Problem
• How does Home Network direct INVITE through FCP on visited network
• DNS magic? Requires PTR -> SRV mapping
• REGISTER magic
• Contact Modification by FCP (E2E Bad)
• RecordRoute on REGISTER

Proposal
• Record-Route on REGISTER
• Store this route in registrar database
• Apply as outbound Route header from home proxy

Issue: Header Name
• Can’t call the header Record-Route, as this is explicitly disallowed by the bis text.
• Propose “Path” as header name, based on a suggestion from 3GPP CN1
• Other suggestions: RegisterRecordRoute, etc.
• Discussion?

Issue: Security
• Subject to manipulation by intermediate proxies.
• With intermediate proxy, UA can’t directly authenticate identity of Registrar.
• Path may encourage (or allow) use of network designs that require intermediate proxies.
• Is this a “new” problem?
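
An added example, not from the slides: a Python model of the Proposal slide (proxies record themselves on REGISTER, the registrar stores the list, the home proxy applies it as Route) together with a registrar-side check that surfaces the hop manipulation raised on the Security slide. Hostnames and addresses are constructed, the prepend ordering is an assumption modelled on Record-Route, and the `trusted_proxies` allowlist is a hypothetical operator policy, not something the deck proposes.

```python
# Added example; all URIs are constructed sample values.

def add_path(headers, proxy_uri):
    """A proxy on the REGISTER path prepends its own URI to the Path list
    (ordering assumed to mirror Record-Route)."""
    out = dict(headers)
    out["Path"] = [proxy_uri] + list(headers.get("Path", []))
    return out

class Registrar:
    def __init__(self, trusted_proxies):
        self.bindings = {}                   # AOR -> (contact, stored path)
        self.trusted = set(trusted_proxies)  # hypothetical operator allowlist

    def register(self, aor, headers):
        """Store the Path list next to the contact binding and return it,
        as it would be echoed to the UA in the REGISTER response."""
        path = list(headers.get("Path", []))
        self.bindings[aor] = (headers["Contact"], path)
        return path

    def unexpected_hops(self, aor):
        """Stored hops the home operator has no agreement with. The registrar
        cannot tell who inserted them; it can only flag that they are there."""
        _, path = self.bindings[aor]
        return [hop for hop in path if hop not in self.trusted]

def build_invite(registrar, aor):
    """Home proxy: retarget to the registered contact and apply the stored
    path, in stored order, as the outbound Route set."""
    contact, path = registrar.bindings[aor]
    return {"Request-URI": contact, "Route": list(path)}

def demo():
    fcp = "sip:fcp.visited.example;lr"       # FCP in the visited network
    home = "sip:p.home.example;lr"           # P in the home network
    register = {"To": "sip:ua1@home.example", "Contact": "sip:ua1@192.0.2.10"}
    register = add_path(add_path(register, fcp), home)
    reg = Registrar(trusted_proxies={fcp, home})
    reg.register("sip:ua1@home.example", register)
    return reg, build_invite(reg, "sip:ua1@home.example")

if __name__ == "__main__":
    reg, invite = demo()
    print(invite["Route"], reg.unexpected_hops("sip:ua1@home.example"))
```
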

Issue: Transparency
• OPES suggests it is not a good idea to insert things in a processing path without the consent of the requestor
• Path: header is returned to UA, which then gains visibility on insertions.
• Is this adequate?