Hi Rohan,

I have the following doubts about the draft:

1) There is a typo (I think) in section 5.3

   If the flow in the flow token in the topmost Route header field value
   matches the source of the request, the request *in* an "outgoing"
   request.  For an "outgoing" request, the edge proxy just removes the
   Route header and continues processing the request.  Otherwise, this
   is an "incoming" request.

 Instead of "in" there should be "is"

2) Section 5.3 (Forwarding Non-Register requests) evaluates inbound/outbound
on the basis of the flow token.

   If the flow in the flow token in the topmost Route header field value
   matches the source of the request, the request in an "outgoing"
   request.  For an "outgoing" request, the edge proxy just removes the
   Route header and continues processing the request.  Otherwise, this
   is an "incoming" request.

However, in the mentioned decode algorithm, the above mismatch will lead to
sending a 403 (Forbidden).

   Example Algorithm:  To decode the flow token, take the flow
      identifier in the user portion of the URI and base64 decode it,
      then verify the HMAC is correct by recomputing the HMAC and
      checking that it matches.  If the HMAC is not correct, the proxy
      SHOULD send a 403 (Forbidden) response.  If the HMAC is correct
      then the proxy SHOULD forward the request on the flow that was
      specified by the information in the flow identifier.  If this flow
      no longer exists, the proxy SHOULD send a 430 (Flow Failed)
      response to the request.


I think inbound/outbound determination can be left to the proxy's own
implementation.
Regarding sending a 403 response when an HMAC mismatch happens, I am not clear
how any request will be sent to UEs.
Consider an edge proxy that receives a request from some other server
(an authoritative server): the flow token in the Route header would be
pointing to the UE's source address (or NAT-mapped address), but the value which
the edge proxy will compute will be based on the source address of the other server.
Thus, in the inbound case all requests will be rejected with 403.


Please correct me!

Thanks
Hulbut
_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
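
An added example, not part of the original message or of the draft: one reading of the quoted decode algorithm combined with the section 5.3 source check, in Python. It assumes the token carries the flow's address together with an HMAC over that address under a key held by the proxy; the token layout, the 80-bit HMAC-SHA1 truncation, the key handling and all function names are assumptions, and the addresses are constructed.

```python
import base64
import hashlib
import hmac
import os

KEY = os.urandom(20)   # assumption: secret the edge proxy picks at startup
MAC_LEN = 10           # assumption: HMAC-SHA1 truncated to 80 bits

def encode_flow_token(flow, key=KEY):
    """Build a token for a flow such as '192.0.2.10:5061' (constructed)."""
    body = flow.encode()
    mac = hmac.new(key, body, hashlib.sha1).digest()[:MAC_LEN]
    return base64.urlsafe_b64encode(mac + body).decode()

def decode_flow_token(token, key=KEY):
    """Return the flow named in the token, or None if the HMAC fails."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:          # covers bad padding and non-ASCII input
        return None
    mac, body = raw[:MAC_LEN], raw[MAC_LEN:]
    # The HMAC is recomputed over the token's own contents, not over the
    # address the request arrived from.
    expected = hmac.new(key, body, hashlib.sha1).digest()[:MAC_LEN]
    if len(mac) != MAC_LEN or not hmac.compare_digest(mac, expected):
        return None
    return body.decode()

def route_request(token, source, live_flows, key=KEY):
    """Decide what to do with a request carrying `token` in its top Route."""
    flow = decode_flow_token(token, key)
    if flow is None:
        return "403 Forbidden"
    if flow == source:
        # Section 5.3: the flow in the token matches the request source.
        return "outgoing: remove Route, continue processing"
    if flow not in live_flows:
        return "430 Flow Failed"
    return "incoming: forward on flow " + flow

if __name__ == "__main__":
    live = {"192.0.2.10:5061"}                      # constructed UA flow
    tok = encode_flow_token("192.0.2.10:5061")
    print(route_request(tok, "192.0.2.10:5061", live))    # from the UA
    print(route_request(tok, "198.51.100.7:5060", live))  # from a server
    print(route_request(tok, "198.51.100.7:5060", set())) # flow is gone
```

Under these assumptions the 403 path is reached only when the token was forged, altered, or minted under a different key.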
