Hello all, We have a scenario where my endpoint receives multiple crypto in the offer it selects two of them responds with them in the answer:
Offer: a=crypto:1 AES_CM_256_HMAC_SHA1_32 inline:raAXCEI2rA+J7VjZo2Z906Lwa+KHSUAW407zRJYwNOSVW5o2HtrdTyI9kq7mnA==|2^31 a=crypto:2 AES_CM_256_HMAC_SHA1_80 inline:A+F16iuXY0PISxw/nGLw+XPUWuC8xbwe7iW7mfvd9N74+aY8Bf+IyV5rVjfgmA==|2^31 a=crypto:3 AES_CM_128_HMAC_SHA1_32 inline:bshMlMoqfvrq3wq+AzhIRpe+ItcQOdlTpWk5hIkl|2^31 a=crypto:40 AES_CM_128_HMAC_SHA1_80 inline:1d97gWFDflDFwhwQ3v5lxyfXb71HiYZj7KWcOmxY|2^31 Answer: a=crypto:40 AES_CM_128_HMAC_SHA1_80 inline:rMForMVpTrQku+UmbMVBsPiSNXyiwORmHpwU7cAH|2^31 a=crypto:2 AES_CM_256_HMAC_SHA1_80 inline:gZHOYoDVOBWyTaSbP3sW9CFbinuxZnetVe5LVBxqXJzrss9kW1qRzgdO9AQZQw==|2^31 My endpoints selects two of the valid matching crypto and sends this back in the answer. Now the offerer claims that we should have responded with only ONE crypto citing these excerpts from rfc4568. 1) The ordering of multiple "a=crypto" lines is significant: the most preferred crypto line is listed first. Each crypto attribute describes the crypto-suite, key(s), and possibly session parameters offered for the media stream. In general, a "more preferred" crypto-suite SHOULD be cryptographically stronger than a "less preferred" crypto-suite. 2) When the answerer receives the initial offer with one or more crypto attributes for a given unicast media stream, the answerer MUST either accept exactly one of the offered crypto attributes, or the offered stream MUST be rejected Our understanding of second point is that we can send multiple crypto in the answer incase they exactly matches with those received in the offer. Need your inputs regarding our understanding of this scenario. Thanks in advance. -kashif _______________________________________________ Sip-implementors mailing list Sip-implementors@lists.cs.columbia.edu https://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
