> -----Original Message-----
> From: Anthony D Pike [mailto:[email protected]] 
> Sent: Tuesday, April 14, 2009 8:17 AM
> To: Dan Wing
> Cc: 'Adam Roach'; 'Cullen Jennings'; 'Jon Peterson'; 
> [email protected]; 'Francois Audet'; 'DRAGE, Keith (Keith)'; 'Dean Willis'
> Subject: Re: [Sip] francois' comments and why RFC4474 not 
> used in the field
> 
> This is an interesting case that Adam has brought up, and I'm 
> sure there are many others as well. The approach I had 
> thought of for this type of case is to have a second 
> signature after the redacting has taken place, so the user 
> understands where it was changed and possibly why! The 
> original RFC 4474 signature would NOT be removed. Every time a 
> modification is done to the Message Request effectively a 
> diff signature with a reason could be added. Unfortunately 
> this is a pretty huge burden on the UAS to process all the 
> signatures if it chooses to do so.

Worse is the intermediaries would have to generate new public key signatures
over content they are already, presumably, encrypting with TLS (I presume it's
encrypted with TLS because they care about security, which is why they would
be interested in additionally doing signatures over the data, too).


On SIP networks today we have intermediaries modifying SDP in transit.  It's
happening now, on real networks.  I am really interested in preserving
identity over those networks.

Today we do not have intermediaries modifying MESSAGE content in transit, do
we?

-d


> Tony
> 
> This is a PRIVATE message. If you are not the intended 
> recipient, please delete without copying and kindly advise us 
> by e-mail of the mistake in delivery. 
> NOTE: Regardless of content, this e-mail shall not operate to 
> bind CSC to any order or other contract unless pursuant to 
> explicit written agreement or government initiative expressly 
> permitting the use of e-mail for such purpose. . 
> 
> 
> [email protected] wrote: -----
> 
> 
> 
>       To: "'Adam Roach'" <[email protected]>
>       From: "Dan Wing" <[email protected]>
>       Sent by: [email protected]
>       Date: 04/14/2009 01:45AM
>       cc: "'Cullen Jennings'" <[email protected]>, "'Jon 
> Peterson'" <[email protected]>, [email protected], 
> "'Francois Audet'" <[email protected]>, "'DRAGE, Keith 
> \(Keith\)'" <[email protected]>, "'Dean Willis'" 
> <[email protected]>
>       Subject: Re: [Sip] francois' comments and why RFC4474 
> not used in the field
>       
>       > Dan Wing wrote:
>       > > Other methods, which do not establish media -- BYE, MESSAGE,
>       > > etc. -- would receive signatures very similar to what RFC4474
>       > > does.  Namely, some certain SIP headers are signed and, if
>       > > present, the body is signed.
>       > 
>       > You're proposing signing the entire body of MESSAGE requests?
>       > 
>       > But what if some intermediary, for policy reasons, wants to change the
>       > contents of a MESSAGE -- say, by redacting selected words the service
>       > provider feels are inappropriate -- without the consent of either party?
>       > 
>       > ;-)
>       
>       "file system check" is spelled f-s-c-k.
>       
>       -d
>       
>       _______________________________________________
>       Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
>       This list is for NEW development of the core SIP Protocol
>       Use [email protected] for questions on current sip
>       Use [email protected] for new developments on the application of sip
>       
> 
> 
> 
