[Serusers] uri==myself check and record_route()

Maxim Sobolev sobomax at portaone.com
Thu Oct 23 14:52:34 CEST 2003


Juha Heinanen wrote:

> Maxim Sobolev writes:
> 
>  > >   - If From doesn't contain a domain the proxy is responsible for then
>  > >     we can't use digest authentication--the sender wouldn't be able to
>  > >     generate proper reply.
>  > > 
>  > >     In this case the proxy compares To tag with ftag parameter value
>  > >     from its Route header field. If they are the same then the dialog was
>  > >     established using the proxy and we are done -- we can relay the
>  > >     request.
> 
> the above is true if dialog was established by local user.  in case the
> dialog was established by foreign user and that foreign user sends
> another, in-dialog request, then ftag will be equal to from tag.
> 
> so i implemented a function that checks if ftag is equal to either from
> or to tag, but didn't find it very useful after all.  such test namely
> adds very little value to just checking if the request has to tag and
> dropping the ones that don't and are not sent by or to a local user.
> 
>  > It should be relatively easy to do it - upon startup SER can generate 
>  > some random string and then, when INVITE arrives, calculate one-way hash 
>  > using this value and some other parameters that must persist during the 
>  > dialog - e.g. Call-Id, From tag etc, then inserting it as a parameter 
>  > into the Record-Route field. Then we can always check if the mid-dialog 
>  > request should be serviced by us.
> 
> yes, i too have suggested that we do something like that.  this kind of
> scheme, however, has no protection over faking new requests or replays
> if someone gets hold of one real request.

Yes, that's true, but IMHO it is impossible to do something about that. 
In the real world, however, it is very unlikely that a complete stranger 
will somehow be able to get a real request; to do this he would need to be 
able to sniff the communication channel between UA and proxy, and in this 
case even a digest-based auth mechanism would be pretty weak.

> also, if one gets hold of
> several real requests, then it would be possible to figure out what the
> key was unless the key changes often enough.  so i have been wondering,
> if such mechanism is worth implementing.

Not quite. If a cryptographically strong hashing function is used then it 
would be almost impossible to figure out the server's portion of the key, 
even if an attacker is able to sniff the channel over an extended period of 
time.

-Maxim

> 
> -- juha
> 
> 
> 
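
The Record-Route token scheme discussed in this thread, as an added example (not SER code and not written by either poster): it uses HMAC-SHA256 as the keyed one-way hash, and the parameter name `rrtok` and the sample values are assumptions made for illustration. Verification tries both the From and To tag, since the caller's tag moves to the To header when the callee sends the in-dialog request.

```python
import hashlib
import hmac
import secrets

# Assumption: generated once at proxy startup, as the message suggests.
SERVER_SECRET = secrets.token_bytes(32)
PARAM = "rrtok"  # hypothetical Record-Route parameter name


def dialog_token(secret: bytes, call_id: str, caller_tag: str) -> str:
    """Keyed hash over values that persist for the whole dialog."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") differ.
    msg = b"".join(len(f.encode()).to_bytes(2, "big") + f.encode()
                   for f in (call_id, caller_tag))
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def record_route(secret: bytes, proxy_uri: str, call_id: str, from_tag: str) -> str:
    """Record-Route value inserted when the initial INVITE arrives."""
    return f"<{proxy_uri};lr;{PARAM}={dialog_token(secret, call_id, from_tag)}>"


def route_token(route_value: str):
    """Extract the token parameter from a Route header value, if any."""
    for part in route_value.strip("<>").split(";")[1:]:
        name, _, value = part.partition("=")
        if name == PARAM:
            return value
    return None


def is_our_dialog(secret, route_value, call_id, from_tag, to_tag) -> bool:
    """True if a mid-dialog request carries a token this proxy issued."""
    tok = route_token(route_value)
    if tok is None:
        return False
    # The caller's tag is the From tag when the caller sends the request
    # and the To tag when the callee sends it, so try both.
    return any(
        hmac.compare_digest(tok.encode(), dialog_token(secret, call_id, tag).encode())
        for tag in (from_tag, to_tag) if tag
    )
```

The token binds a request to a dialog this proxy routed, but a captured request verifies again on replay, which is the limitation raised in the thread.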




