> -----Original Message-----
> From: Victor Pascual Ávila [mailto:[email protected]]
> Sent: 01 April 2009 14:21
> To: Elwell, John
> Cc: Jonathan Rosenberg; SIP List
> Subject: Re: [Sip] Media vs Signaling identity (was Re:
> francois' comments and why RFC4474 not used in the field)
>
> On Wed, Apr 1, 2009 at 12:33 PM, Elwell, John
> <[email protected]> wrote:
> (snip)
> >> While "signaling identity" seems to be a common denominator, I'm not
> >> sure about the role of "media identity" in the above listed scenarios.
> >> Any clarification will be appreciated.
> > [JRE] These too are valid situations where the identity needs to be
> > authenticated. Where media is involved, however, there is an
> > additional problem of authenticating the media, and if the media is
> > bound to the signalling, a solution for authenticating the signalling
> > would also authenticate the media. So we either need a solution for
> > authenticating both signalling and media together (e.g., by
> > authenticating the signalling, the media too gets authenticated) or
> > we need separate mechanisms. Clearly the former would be preferable.
>
> I guess we all agree that the following scenarios are possible (please
> correct me if I'm wrong):
>
> + Only Signaling (e.g. sender-to-receiver MESSAGE): we need to
> authenticate the signaling itself. Here we are including scenarios
> where user content is embedded into the signaling plane.
> + Signaling and media: we need to authenticate both signaling
> and media planes
> -+ Media is bound to the signaling (e.g. caller-to-callee
> INVITE-transaction + caller-to-callee rtp stream(s)): we may need to
> authenticate both signaling and media together. (BTW, I fail to see
> the benefits of coupling media and control plane identities; especially
> when considering Lawful Interception)
> -+ Media is not bound to the signaling (e.g. 3PCC): we may need
> separate mechanisms

[JRE] This I am not so sure about.
With DTLS-SRTP, authentication of the media is bound to authentication of the signalling (unless you use CA-signed certs in the endpoints for DTLS). So it seems with DTLS-SRTP we did not consider the media originating/terminating at a different device from signalling.
>
> Which scenarios are we trying to cover here?
> Is the receiver identity (media or signaling) as important as the
> sender identity?

[JRE] Yes, probably even more important in some situations. If I am going to disclose sensitive information, I need to be sure where it will end up.

John
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [email protected] for questions on current sip
Use [email protected] for new developments on the application of sip
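
The DTLS-SRTP binding discussed in this message can be seen in code: the SDP carried in signalling names the hash of the certificate the media peer must present in the DTLS handshake (the `a=fingerprint` attribute of RFC 4572). This is an added example, not part of the original message; the function names, result labels and the placeholder certificate bytes are constructed for illustration.

```python
import hashlib
import hmac
import re

# a=fingerprint:<hash-func> <colon-separated hex> (RFC 4572)
FP_RE = re.compile(r"^a=fingerprint:(\S+) ((?:[0-9A-Fa-f]{2}:)*[0-9A-Fa-f]{2})\s*$", re.M)
HASHES = {"sha-1": "sha1", "sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512"}


def fingerprint(cert_der, func="sha-256"):
    """Hash the DER certificate and format it as the SDP attribute value."""
    digest = hashlib.new(HASHES[func], cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_media_peer(sdp, peer_cert_der, signalling_authenticated):
    """Classify a DTLS peer certificate against the fingerprint in the SDP.

    Uses the first a=fingerprint line (session level in the sample below).
    """
    m = FP_RE.search(sdp)
    if m is None:
        return "no-fingerprint"
    func, expected = m.group(1).lower(), m.group(2).upper()
    if func not in HASHES:
        return "unsupported-hash"
    if not hmac.compare_digest(fingerprint(peer_cert_der, func), expected):
        return "mismatch"  # media peer is not the one named in signalling
    # A match only ties media to whoever wrote the SDP; the certificate is
    # self-signed, so identity comes from the signalling or not at all.
    if signalling_authenticated:
        return "media-bound-to-authenticated-signalling"
    return "media-bound-to-unauthenticated-signalling"


# Constructed sample data: placeholder bytes stand in for DER certificates.
CERT_A = b"constructed-self-signed-cert-of-signalling-endpoint"
CERT_B = b"constructed-cert-of-a-different-media-device"
SDP = "\r\n".join([
    "v=0",
    "o=- 0 0 IN IP4 192.0.2.1",
    "s=-",
    "t=0 0",
    "a=fingerprint:sha-256 " + fingerprint(CERT_A),
    "m=audio 49170 UDP/TLS/RTP/SAVP 0",
    "c=IN IP4 192.0.2.1",
]) + "\r\n"

if __name__ == "__main__":
    for cert, authed in [(CERT_A, True), (CERT_A, False), (CERT_B, True)]:
        print(check_media_peer(SDP, cert, authed))
```

The third case, a certificate other than the one named in the SDP, is what a receiver sees when media terminates on a device whose certificate the signalling did not advertise.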
