As many of you are aware, the signature created by SIP-Identity (RFC4474) breaks if an SBC or B2BUA modifies the SDP in the SIP body. Typically these modifications include changing the m/c lines (to direct the RTP media through the SBC itself, or through a transcoder), or performing other adjustments of the SDP to interwork with bugs and features of other SIP networks or other endpoints.
I just submitted a draft, "SIP Identity using Media Path", which describes a mechanism that allows RFC4474-like signatures and also allows SBCs and B2BUAs to modify the message's SDP. Links to HTML and plain text versions of the Internet Draft are below. Abstract: The existing SIP identity mechanism (RFC4474) creates a signature over the SIP body, including the entire SDP. As part of their normal operation, Session Border Controllers (SBCs) and SIP Back-to-Back User Agents (B2BUAs) modify various fields in the SDP, breaking the signature. This document defines a new mechanism to securely identify the originator of a SIP message while also allowing modification of the SDP by SBCs and B2BUAs. This new mechanism creates a signature over certain SIP headers and certain SDP lines. Proof of identity over the media path using DTLS, TLS, HIP, and an extension to ICE are described. Please send comments on this draft to the SIP mailing list at [EMAIL PROTECTED] -d ----- HTML version: http://tinyurl.com/25539z http://svn.resiprocate.org/rep/ietf-drafts/dwing/draft-wing-sip-identity-med ia-00.html plain text version: http://tinyurl.com/2gldnv http://svn.resiprocate.org/rep/ietf-drafts/dwing/draft-wing-sip-identity-med ia-00.txt _______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
