[Rama] It is a given that a B2BUA can be made to sit in the middle and exert control, and there are folks who are currently doing it. I am not sure why that is going to break end-2-end security. Are you presuming that without B2BUA there would have been authentication schemes and B2BUA may not.

[brian] Yes, users wish to authenticate that they are talking to their intended recipient, and a B2BUA will break such authentication, at least one that works the way you suggest. On the other hand, B2BUAs can be media relays. They don't have to be, but they can be. With a B2BUA, one side of it is a UAS and the other side is a UAC, so when you state that media goes between a UAS and a UAC, a B2BUA could very well be in both media paths. However, a B2BUA could choose to copy the SDP from one side to the other, and thus not be in the media path. A session border controller is often implemented as a media relay B2BUA.

[Rama] I am wondering about instances of why a B2BUA would need to sit in the UAs' media path (or act as media relays, as you call them). I can think of multicast being initiated depending on service.

[brian] No, it's much easier than that. NAT traversal is an example. For some kinds of NAT, there is no address that will actually allow an end to end flow of media. You need a media relay that receives at one address/port and relays to another address/port. Another example is a transcoder.

_______________________________________________
Sip-implementors mailing list
[EMAIL PROTECTED]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
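
Added example, not part of the original thread: a Python check that compares the SDP a B2BUA received on one leg with the SDP it sent on the other, to tell whether it copied the SDP (staying out of the media path) or rewrote the address/port (acting as a media relay). The function names, SDP bodies and addresses are constructed for illustration.

```python
# Added example: constructed SDP bodies; all names and addresses are illustrative.

def media_endpoints(sdp):
    """Return [(media_type, address, port)] for each m= section of an SDP body."""
    session_addr = None
    streams = []
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("c="):
            # c=<nettype> <addrtype> <connection-address>
            addr = line[2:].split()[2].split("/")[0]
            if streams:
                streams[-1][1] = addr   # media-level c= overrides session-level
            else:
                session_addr = addr     # session-level default for later m= lines
        elif line.startswith("m="):
            # m=<media> <port> <proto> <fmt> ...
            media, port = line[2:].split()[:2]
            streams.append([media, session_addr, int(port.split("/")[0])])
    return [tuple(s) for s in streams]


def classify_b2bua(sdp_in, sdp_out):
    """Compare the SDP received on one leg with the SDP sent on the other leg."""
    before, after = media_endpoints(sdp_in), media_endpoints(sdp_out)
    if before == after:
        return "copied"   # endpoints untouched: media flows end to end
    if len(before) == len(after) and all(
        b[0] == a[0] and (b[1], b[2]) != (a[1], a[2])
        for b, a in zip(before, after)
    ):
        return "relay"    # every stream now terminates at a different address/port
    return "mixed"        # streams added, removed or only partly rewritten


# Constructed offer as the B2BUA's UAS side receives it from the caller.
OFFER_IN = (
    "v=0\r\no=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\ns=-\r\n"
    "c=IN IP4 192.0.2.10\r\nt=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\na=rtpmap:0 PCMU/8000\r\n"
)
# Constructed offer as the B2BUA's UAC side sends it on, with its own relay address.
OFFER_OUT_RELAYED = (
    "v=0\r\no=b2bua 1 1 IN IP4 198.51.100.5\r\ns=-\r\n"
    "c=IN IP4 198.51.100.5\r\nt=0 0\r\n"
    "m=audio 30000 RTP/AVP 0\r\na=rtpmap:0 PCMU/8000\r\n"
)

if __name__ == "__main__":
    print(classify_b2bua(OFFER_IN, OFFER_IN))
    print(classify_b2bua(OFFER_IN, OFFER_OUT_RELAYED))
```

A "relay" result means the RTP terminates at the B2BUA, which is the NAT-traversal and transcoder case described in the thread.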
