controller to the controlled parties and to make the controlled SIP endpoints
exchange RTP media with each other. If the controller has the same identity as
one of the parties (for example, if the controller is just another device that is
associated with A in Figure 11.5), then no new authorization or identity issues
are caused by this. However, if the controller is a different identity, then this
scenario can appear to the parties involved as a man in the middle attack
(MitM). That is, B is exchanging signaling with the controller, but media with
A. Note that since the controller is not actually manipulating and modifying
the SDP, but is just cutting and pasting it from one message to another, it is
possible that the SDP bodies could be encrypted with S/MIME. A and B could
use this to securely exchange SRTP master keys to have an encrypted and
authenticated media session between them.
Figure 11.5 Basic third-party call control (message ladder between Party A, the Controller, and Party B; the controller and party A can be on the same desktop)

1. INVITE with no media SDP (Controller to A): the controller sets up a call to A using SDP with no media lines.
2. 200 OK with no media SDP (A to Controller)
3. ACK (Controller to A)
4. INVITE (Controller to B): the controller sets up a call to B and gets SDP data from B.
5. 200 OK with SDP from B (B to Controller)
6. INVITE using SDP from B (Controller to A): the controller re-INVITEs A using the SDP data from B.
7. 200 OK with SDP from A (A to Controller)
8. ACK with SDP from A (Controller to B): party B receives the SDP from A in the ACK.
9. ACK (Controller to A)
10. RTP session from A to B: conversation between A and B.
11. BYE (A to Controller): party A originates a BYE to the controller.
12. BYE (Controller to B): the controller in turn sends a BYE to party B.
13. 200 OK
14. 200 OK: the BYEs are confirmed and the call is terminated.
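The following is an added example, not code from the book, that models the fourteen-step flow of Figure 11.5 in Python. It shows the two points the text makes: the controller only cuts and pastes SDP bodies between the two dialogs (so the body each party receives is byte-for-byte what the other party authored, which is what lets an S/MIME-protected body carry SRTP keys end to end), and, when the controller's identity differs from both parties, each party ends up exchanging signaling with one identity and media with another. The identities alice, bob and carol, the helper names, and the SDP bodies are all constructed for the example; the mismatch check simply compares the signaling peer with the username in the SDP o= line.

```python
"""Constructed model of SIP third-party call control (3pcc), Figure 11.5 style.
A controller bridges parties A and B by copying SDP bodies between two
dialogs. Helper names are hypothetical; this is not a SIP stack."""
from dataclasses import dataclass
from typing import List, Optional
import hashlib


@dataclass(frozen=True)
class Msg:
    seq: int             # message number as in the figure
    kind: str            # "INVITE", "200 OK", "ACK", "BYE" or "RTP"
    sender: str          # identity at the signaling (or media) source
    receiver: str
    sdp: Optional[str] = None


def make_sdp(user: str, addr: str, audio_port: Optional[int]) -> str:
    """Minimal SDP with an o= origin line; audio_port=None omits media lines."""
    lines = ["v=0", f"o={user} 1 1 IN IP4 {addr}", "s=-",
             f"c=IN IP4 {addr}", "t=0 0"]
    if audio_port is not None:
        lines.append(f"m=audio {audio_port} RTP/SAVP 0")
    return "\r\n".join(lines) + "\r\n"


def sdp_origin_user(sdp: str) -> str:
    """Username from the SDP o= line, i.e. the party that authored the body."""
    for line in sdp.splitlines():
        if line.startswith("o="):
            return line[2:].split()[0]
    raise ValueError("SDP without o= line")


def sdp_digest(sdp: str) -> str:
    """SHA-256 of the raw body; stands in for an S/MIME-protected body that
    only survives if the controller does not touch it."""
    return hashlib.sha256(sdp.encode()).hexdigest()


def run_3pcc(ctrl: str, a: str, b: str, sdp_a: str, sdp_b: str) -> List[Msg]:
    """Replay the 14 steps of Figure 11.5. The controller never edits SDP:
    sdp_b (step 6) and sdp_a (step 8) are passed through verbatim."""
    no_media = make_sdp(ctrl, "0.0.0.0", None)      # offer with no media lines
    a_no_media = make_sdp(a, "0.0.0.0", None)       # A's answer, also no media
    return [
        Msg(1, "INVITE", ctrl, a, no_media),
        Msg(2, "200 OK", a, ctrl, a_no_media),
        Msg(3, "ACK", ctrl, a),
        Msg(4, "INVITE", ctrl, b),                  # no offer; B offers in 200 OK
        Msg(5, "200 OK", b, ctrl, sdp_b),
        Msg(6, "INVITE", ctrl, a, sdp_b),           # re-INVITE: B's offer pasted to A
        Msg(7, "200 OK", a, ctrl, sdp_a),
        Msg(8, "ACK", ctrl, b, sdp_a),              # A's answer pasted to B
        Msg(9, "ACK", ctrl, a),
        Msg(10, "RTP", a, b),                       # media flows directly A <-> B
        Msg(11, "BYE", a, ctrl),
        Msg(12, "BYE", ctrl, b),
        Msg(13, "200 OK", b, ctrl),
        Msg(14, "200 OK", ctrl, a),
    ]


def signaling_media_mismatch(flow: List[Msg], party: str) -> List[int]:
    """Steps in which `party` receives an SDP body authored by someone other
    than its signaling peer: the view that makes 3pcc look like a MitM."""
    return [m.seq for m in flow
            if m.receiver == party and m.sdp is not None
            and sdp_origin_user(m.sdp) not in (m.sender, party)]


def body_seen_by(flow: List[Msg], party: str, seq: int) -> Optional[str]:
    """Raw SDP body that `party` received in message number `seq`."""
    (m,) = [m for m in flow if m.seq == seq and m.receiver == party]
    return m.sdp


if __name__ == "__main__":
    sdp_a = make_sdp("alice", "192.0.2.10", 49170)   # constructed sample SDP
    sdp_b = make_sdp("bob", "192.0.2.20", 51372)
    flow = run_3pcc("carol", "alice", "bob", sdp_a, sdp_b)
    print("steps where B's media peer != signaling peer:",
          signaling_media_mismatch(flow, "bob"))
    print("A's body reached B unchanged:",
          sdp_digest(body_seen_by(flow, "bob", 8)) == sdp_digest(sdp_a))
```

With a distinct controller identity (carol) the check flags step 8 for B and step 6 for A; if the controller runs under A's own identity (`run_3pcc("alice", "alice", "bob", ...)`), B sees no mismatch, which is the case the text describes as raising no new identity issues. The digest comparison is the property that matters for end-to-end keying: because the controller copies the body rather than rewriting it, whatever protection A applied to its SDP arrives at B intact.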
204 Chapter 11