> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 12, 2001 2:55 AM
> To: [EMAIL PROTECTED]
> Subject: [Sip-implementors] doubt in register
>
>
> hi all,
> I have a doubt in the register request send to the home
> server from the
> visited network.
> if alice @wonderland.com has visited example.com and sitting
> at the machine
> hpux1, will the register request sent to the home server will
> be as follows
>
> REGISTER:sip:wonderland.com SIP/2.0
> Via:SIP/2.0/UDP hpux1.example.com
> From:[EMAIL PROTECTED]
> To:[EMAIL PROTECTED]
> Call-ID:[EMAIL PROTECTED]
> contact:sip:alice@hpux1
>
> what will be format of the packet sent to the Home Server?
There is no agreed upon standard for this yet. Henning has written up a
draft on the subject:
http://search.ietf.org/internet-drafts/draft-schulzrinne-sip-register-01.txt
it presents several different models. The "outbound proxy intercept"
approach would result in a registration similar to what you have listed, but
not the same. In the outbound proxy intercept model, the user would simply
register with their home domain:
REGISTER sip:wonderland.com SIP/2.0
Via: SIP/2.0/UDP hpux1.example.com
From: sip:[EMAIL PROTECTED]
To: sip:[EMAIL PROTECTED]
Contact: sip:[EMAIL PROTECTED]
This is sent to the example.com outbound proxy. That proxy mucks with the
registration and sends it to wonderland.com:
REGISTER sip:wonderland.com SIP/2.0
Via: SIP/2.0/UDP hpux1.example.com
From: sip:[EMAIL PROTECTED]
To: sip:[EMAIL PROTECTED]
Contact: sip:[EMAIL PROTECTED]
It also sends a generated registration to the local registrar for
example.com:
REGISTER sip:example.com SIP/2.0
Via: SIP/2.0/UDP ob-proxy.example.com
From: sip:ob-proxy.example.com
To: sip:[EMAIL PROTECTED]
Contact: sip:[EMAIL PROTECTED]
This way, a call for [EMAIL PROTECTED] goes to wonderland.com, where it
is sent to sip:[EMAIL PROTECTED] This goes to the
example.com proxy. Based on the second registration, it is sent to
sip:[EMAIL PROTECTED]
Now, the problem with this approach is that any kind of message integrity
checks used on the registration from alice will fail, since the example.com
outbound proxy has effectively launched a man-in-the-middle attack to steal
the phone call, and route it to itself first. While current basic and digest
do not provide such integrity checks, future mechanisms which do (and its a
good idea to do it) would break this approach.
Unfortunately, the decision about how visited domain registration is done
will require standardization, as far as I can tell. I think things will
break if the client uses one approach, and the visited outbound proxy does
something different.
-Jonathan R.
---
Jonathan D. Rosenberg, Ph.D. 72 Eagle Rock Ave.
Chief Scientist First Floor
dynamicsoft East Hanover, NJ 07936
[EMAIL PROTECTED] FAX: (973) 952-5050
http://www.jdrosen.net PHONE: (973) 952-5000
http://www.dynamicsoft.com
_______________________________________________
Sip-implementors mailing list
[EMAIL PROTECTED]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
