"Elwell, John" <[EMAIL PROTECTED]> 写道: Ma Ji,
See below. John > -----Original Message----- > From: ji ma [mailto:[EMAIL PROTECTED] > Sent: 30 July 2007 09:28 > To: [email protected] > Subject: [Sip]RFC4916:the usage of connected identity in interdomain > > Hi folks: > > I have some questions after reading RFC4916, which > descibes a solution of ensuring the identity of the UA that > sends backward request after a dialog has formed. As far as > I'm concerned, this specification is a supplement of RFC4474, > which can only provide the validaty of the UA sending the > request. However, RFC4916's 2 examples regarding to the its > desciption only illustrate how to convey connected identity > in an assumption that the caller and callee are in the same > domain (example.com in particular), by using UPDATE messages > which renew the From field of the sender. So my question is, > can this specification resolve the authentication of the > connected identity regarding to the scenories where the > caller and callee are in different domains? > [Considering RFC4474, the authenticator will not be the > responsible proxy for the request that contains a From field > ([EMAIL PROTECTED]) that is different from its real > identity ([EMAIL PROTECTED]) ] [JRE] Although the examples show only a single domain, the RFC is equally applicable when caller and callee are in different domains. Each domain will provide its own authentication service. > > Another doubt I'm concerning about, is the content of > last two paragraphs in page 3 of RFC4916, which is said as below: > > The provision of the identity of the responder in a response > (commonly called "response identity") is outside the scope of this > document. > > Note that even if identity were to be conveyed somehow in a > response, there would in general be difficulty > authenticating the > UAS. Providing identity in a separate request allows normal > authentication techniques to be used. > > > I can't understand why it's difficult to authenticate > response messages as I thought it could be authenticated in a > way like the request it responses to(I don't know how much > different in the process it should be regarding request and > response) .So what's special for response? [JRE] SIP digest authentication is only specified for requests. In particular, there is no mechanism for challenging a response. > > Regards, > Ma Ji Thanks for reminding. When using connected identity,the sender has no reason to use the previous identity the same as the From URI of the request, who sends UPDATE which contains the new identity of the sender. More, I deliberate that authenticating the validaty of the receiver in a response(that means the To header) is also required, and so far I has not see any draft nor maillist discussing it(maybe I missed), considering the current mechanism is not enough for such issue, I thing there should be some effort to be put to take this aspect into account. Regards, Ma Ji --------------------------------- 抢注雅虎免费邮箱3.5G容量,20M附件!
_______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
