[SR-Users] Call-ID Uniqueness and safety?
Mark Boyce
mark at darkorigins.com
Thu Feb 13 18:20:09 CET 2020
Hi Alex
The thought process our side was more in these stages;
- What if they’re not unique?
- What would it affect?
- Could it be used as an exploit?
- If not do we care?
… and wondered what others thought about it.
I think you’re/Fred/Daniels points of a simple sanity check on them is probably the simplest/best answer. We can then reject a UA as too broken for us to want to deal with if it fails.
We’ve also added a $dlg_var(dlg_uuid)=$uuid(g) just to tie some other state stuff in to
Mark
> On 13 Feb 2020, at 16:35, Alex Balashov <abalashov at evaristesys.com> wrote:
>
> Also, RTPEngine keys live calls by a combination of Call-ID + available
> tags + optional Via-branch parameter. The odds of forging all of these
> are just astronomically low.
>
> If your concern is that an endpoint can overwrite its own recordings or
> whatnot, one should note that an endpoint can store a history of its own
> previously used Call-IDs and other unique identifiers regardless of
> length or the merits of the randomisation algorithm.
>
> -- Alex
>
> On Thu, Feb 13, 2020 at 11:21:21AM -0500, Alex Balashov wrote:
>
>> On Thu, Feb 13, 2020 at 10:59:47AM +0000, Mark Boyce wrote:
>>
>>> That’s exactly where we ended up. We’ve just added code to assign a
>>> uuid to each new dialog as it’s created. Which when logged via acc
>>> gives us the extra unique reference.
>>
>> The trouble with that is it requires you to do a lot of gymnastics to
>> keep extra state. Using Call-ID as a key allows you to operate on calls
>> in a way that makes use solely of information contained in the SIP
>> message itself.
>>
>> In an essentially thermodynamic sense, more state means more complexity,
>> and more fragility due to the inevitable bugs and corner cases that any
>> moving part and synchronisation effort brings.
>>
>> Call-IDs are required to be adequate GUIDs by the standard, and are
>> sufficiently unique that the chance of a malicious collision is
>> infinitesimal. Even short, bad GUIDs tend to be quite mathematically
>> unique, unless they're just so comically short as to make a mockery of
>> the GUID requirement.
>>
>> I would carefully weigh the economic and technical trade-offs of
>> assigning calls UUIDs on your side and maintaining that mapping. A more
>> pragmatic policy might be to reject requests with a Call-ID that is
>> below a certain string length.
>>
>> -- Alex
>>
>> --
>> Alex Balashov | Principal | Evariste Systems LLC
>>
>> Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
>> Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
> --
> Alex Balashov | Principal | Evariste Systems LLC
>
> Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
> Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
More information about the sr-users
mailing list