Comments inline... Thanks & Regards, Nataraju A.B. > -----Original Message----- > From: Israel Mor [mailto:[EMAIL PROTECTED] > Sent: Thursday, June 15, 2006 8:21 AM > To: [EMAIL PROTECTED]; [email protected] > Subject: RE: [Sip-implementors] Doubts about tag-param in to and from headerfields > > Hello ABN, > > thanks a lot for your reply! > > I was wondering that there is no real reason for the tag field to be > encrypted (secret) as all other fields in the SIP message are clear text so > it is possible to check all addresses and messages using a simple sniffer, > but I would like to confirm that to avoid any problem in interoperation in > the network. > [ABN] I don't think encryption needed any way. But don't reveal any personal information also. At minimum from-tag_1 and an another tag generated later should not end up in generating the same call-ID, From-Tag. As long as this condition is met, its fine...
Also AFAIK tag generation need not be a very complex procedure, since the COMBINATION of call-ID, from-tag, and to-tag decides about matching the dialogs/transactions (not individual components)... hence simple random number would be enough. But make sure the call-ID should be globally unique; hence the combination of the 3 elements would globally unique enough to identify the dialog... > So following RFC 3261 I believe I can use the tag with "." and include UA > own IP address like in Call-ID field, but adding some random characters. > > Regards, > > Israel > > > >From: "Nataraju A B" <[EMAIL PROTECTED]> > >To: "'Israel Mor'" <[EMAIL PROTECTED]>, > ><[email protected]> > >Subject: RE: [Sip-implementors] Doubts about tag-param in to and from > >headerfields > >Date: Wed, 14 Jun 2006 11:24:38 +0530 > > > >Comments inline... > > > >Thanks & Regards, > >Nataraju A.B. > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > >[mailto:sip-implementors- > > > [EMAIL PROTECTED] On Behalf Of Israel Mor > > > Sent: Tuesday, June 13, 2006 8:47 PM > > > To: [email protected] > > > Subject: [Sip-implementors] Doubts about tag-param in to and from > >headerfields > > > > > > Hello, > > > > > > I have some doubts about tag-param in to and from header fields: > > > > > > 1- In RFC 3261 section 19.3 page 159 it says the tag must be > > > cryptographically random with at least 32 bits of randomness. Does it > >means > > > the tag must be encrypted (secret)? Can it include the UA own IP > >address > > > like in Call-ID (section 8.1.1.4 - pg. 38)? > > > > >[ABN] here cryptographically random, mean that the tag must be at least > >32 bit random number, which must not be directly decipherable or > >understood by analysis. I don't think there is any special meaning for > >word "cryptographically" in this context... > > > >Other than this you can apply any logic to generate the tag, for example > >cryptographic hash of IP_addres, port, date, time etc., > > > >The ground requirement behind cryptographically randomness is, one > >should not be able to learn how I am generating the tags in my UA. > > > > > 2- Can the character dot (".") be included in the tag field of to and > >from > > > headers (section 25.1 - pages 221, 230, 231)? > > > > >[ABN] yes, you can use it without any issues... you can see the > >definition for "token" > > > 3- What is the meaning of "The word construct is used in Call-ID to > >allow > > > most separators to be used." (section 25.1 - pg. 221)? > > > > >[ABN] you can see the definition of "word" in > > > > word = 1*(alphanum / "-" / "." / "!" / "%" / "*" / > > "_" / "+" / "`" / "'" / "~" / > > "(" / ")" / "<" / ">" / > > ":" / "\" / DQUOTE / > > "/" / "[" / "]" / "?" / > > "{" / "}" ) > > > > > This is an example of the tag I am generating in my UA (183-Session > >Progress > > > message, for example) and I would like to know if this is a valid To > >field > > > or not: > > > > > > To: > > > > ><sip:[EMAIL PROTECTED];user=phone>;tag=sIr3.0854o.000192.168.0.1011 9 > >2. > > > 168.0.101 > > > > >[ABN] it's a valid to-tag, whatz the problem ? > > > Thanks, > > > > > > Israel Mor > > > > > > > ===================================================== > > > ======== > > > RFC 3261 > > > > > > 19.3 - pg. 159 > > > When a tag is generated by a UA for insertion into a request or > >response, it > > > MUST be globally unique and cryptographically random with at least 32 > >bits > > > of randomness. > > > Besides the requirement for global uniqueness, the algorithm for > >generating > > > a tag is implementation-specific. > > > > > > 8.1.1.4 - pg. 38 > > > Use of cryptographically random identifiers (RFC 1750 [12]) in the > > > generation of Call-IDs is RECOMMENDED. Implementations MAY use the > >form > > > "[EMAIL PROTECTED]". > > > > > > > > > 25.1 - pg. 221 > > > Many SIP header field values consist of words separated by LWS or > >special > > > characters. Unless otherwise stated, tokens are caseinsensitive. These > > > special characters MUST be in a quoted string to be used within a > >parameter > > > value. The word construct is used in Call-ID to allow most separators > >to be > > > used. > > > token = 1*(alphanum / "-" / "." / "!" / "%" / "*" / "_" / "+" / "'" / > >"'" / > > > "~" ) > > > > > > 25.1 - pg. 230 > > > >From = ( "From" / "f" ) HCOLON from-spec > > > from-spec = ( name-addr / addr-spec )*( SEMI from-param ) > > > from-param = tag-param / generic-param > > > tag-param = "tag" EQUAL token > > > > > > 25.1 - pg. 231 > > > To = ( "To" / "t" ) HCOLON ( name-addr/ addr-spec ) *( SEMI to-param ) > > > to-param = tag-param / generic-param > > > > > > > _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
