1 / 9

Path Header Proposal for Secure and Transparent SIP Communication

Explore issues with Home Network directing INVITE through FCP on visited network, proposing "Path" header for DNS mapping and security concerns. Discuss concerns on manipulation and transparency.

newton
Download Presentation

Path Header Proposal for Secure and Transparent SIP Communication

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PATH Open Issues Dean WillisSIP WG IETF 53

  2. Scenario I FCP UA1 FireWall P R VisitedNet HomeNet UA2

  3. REGISTER Path I FCP UA1 FireWall P R UA2

  4. INVITE Path I FCP UA1 FireWall P R UA2

  5. Problem • How does Home Network direct INVITE through FCP on visited network • DNS magic? Requires PTR -> SRV mapping • REGISTER magic • Contact Modification by FCP (E2E Bad) • RecordRoute on REGISTER

  6. Proposal • Record-Route on REGISTER • Store this route in registrar database • Apply as outbound Route header from home proxy

  7. Issue: Header Name • Can’t call header record-Route as this is explicitly disallowed by bis text. • Propose “Path” as header name based on suggestion from 3GPP CN1 • Other Suggestions: RegisterRecordRoute, etc. • Discussion?

  8. Issue: Security • Subject to manipulation by intermediate proxies. • With intermediate proxy, UA can’t directly authenticate identity of Registrar. • Path may encourage (or allow) use of network designs that require intermediate proxies. • Is this a “new” problem?

  9. Issue: Transparency • OPES suggests it is not a good idea to insert things in a processing path without the consent of the requestor • Path: header is returned to UA, which then gains visibility on insertions. • Is this adequate?

More Related