2011/10/10 Juha Heinanen jh@tutpro.com:
For platforms where you want some sort of integrity check in the message, like with S/MIME or SIP Identity, rewriting the message will break security. If we want to build secure platforms in SIP, we need to find solutions that don't require SDP and SIP rewrites in the proxies.
based on my observations from many users and also based on what kind of new modules people have written for sr lately, there is more and more tendency towards adding b2bua kind of stuff to sip proxy.
Indeed. And honestly I don't like that at all.
if you want a secure solution, better not to use proxy at all, but some kind of p2p protocol.
But nobody here is proposing RFC 5626 for security ;) The point here is that, by implementing RFC 5626, a proxy does NOT mangle the headers, so other proxies or UAs can verify the integrity of the request (for example using Identity header). If the proxy rewrites a header then forget Identity mechanism.
One thing I realized the other night during a SIP discussion was that ICE doesn't allow a network provider to implement a policy. I don't think a proxy can't say "442 Always use media relay" and force the client to drop local addresses, like if there's a requirement for lawful intercept in the network. That will be something that needs to be added to ICE.
making it yet more complex. forget proxy if you want end-to-end security.
That's not security, it's just "local policy". Mandating the audio through an RTP tunnel is not "security".
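
The point made in the thread about header rewriting and the Identity header, as an added example that is not part of the original messages: it builds the RFC 4474 digest-string for a constructed INVITE and compares it after a proxy that rewrites Contact and SDP with one that only adds its own Via and Record-Route. The sample message, the addresses and the helper names are assumptions, and a plain SHA-1 over the digest-string stands in for the RSA signature that the real Identity header carries.

```python
import hashlib
import re

BODY = "v=0\r\no=alice 1 1 IN IP4 192.168.1.10\r\nc=IN IP4 192.168.1.10\r\nm=audio 4000 RTP/AVP 0\r\n"
# Constructed sample request; every name and address here is made up.
INVITE = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.10:5060;branch=z9hG4bKconstructed1\r\n"
    "From: <sip:alice@example.com>;tag=a1\r\n"
    "To: <sip:bob@example.net>\r\n"
    "Call-ID: constructed-call-1@192.168.1.10\r\n"
    "CSeq: 1 INVITE\r\n"
    "Date: Mon, 10 Oct 2011 12:00:00 GMT\r\n"
    "Contact: <sip:alice@192.168.1.10:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    f"Content-Length: {len(BODY)}\r\n\r\n" + BODY
)

def addr_spec(value):
    """Return the URI inside <...>, or the bare value without header parameters."""
    m = re.search(r"<([^>]+)>", value)
    return m.group(1) if m else value.split(";")[0].strip()

def digest_string(msg):
    """RFC 4474 digest-string: From:To:Call-ID:CSeq:Date:Contact:body."""
    head, _, body = msg.partition("\r\n\r\n")
    h = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        h[name.strip().lower()] = value.strip()
    return ":".join([addr_spec(h["from"]), addr_spec(h["to"]), h["call-id"],
                     h["cseq"], h["date"], addr_spec(h.get("contact", "")), body])

def signed_hash(msg):
    # Assumption: the hash alone stands in for the signature over it.
    return hashlib.sha1(digest_string(msg).encode()).hexdigest()

def rewriting_proxy(msg):
    """NAT-fix style proxy: rewrites Contact and the SDP c= line."""
    return "\r\n".join(
        l.replace("192.168.1.10", "203.0.113.50") if l.startswith(("Contact:", "c=")) else l
        for l in msg.split("\r\n"))

def forwarding_proxy(msg):
    """Proxy that only adds its own Via and Record-Route (not covered by the digest)."""
    first, rest = msg.split("\r\n", 1)
    return (first + "\r\nVia: SIP/2.0/UDP proxy.example.com;branch=z9hG4bKconstructed2"
            "\r\nRecord-Route: <sip:proxy.example.com;lr>\r\n" + rest)

if __name__ == "__main__":
    for name, fn in (("forwarding", forwarding_proxy), ("rewriting", rewriting_proxy)):
        print(name, "verifies:", signed_hash(fn(INVITE)) == signed_hash(INVITE))
```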