
Re: [Sip] Thoughts on SIP Identity issues



> -----Original Message-----
> From: sip-bounces at ietf.org [mailto:sip-bounces at ietf.org] On Behalf Of Eric
> Rescorla
>
> Rather, I'm saying that Identity is not only to allow DTLS-SRTP, but
> also to protect other usages, so if your proposal involves changing
> fields which would render those other usages insecure, we have a
> potential problem. For instance, as I understood Hadriel's comments at
> the mike, he thinks he should be able to change Call-Id in
> non-offer/answer cases.

Yup.  In particular, I'm claiming that we should sign something else to provide cut/paste protection rather than the call-id and cseq header fields.
I say that because I believe 4474 is signing them for the purpose of cut/paste type protection, not because we actually care whether the call-id/cseq values are changed by a MitM.


> Before we consider that, we would need a
> security analysis of the impact of changing Call-iD.

Yup, and CSeq, and Contact.

-hadriel
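
As an added illustration (not part of the original message): a sketch of the RFC 4474 digest-string discussed in this thread, showing that an intermediary rewriting Call-ID invalidates the Identity signature in the same way as pasting the header into a different request. All URIs and values are constructed, and the RSA signing step is reduced to the SHA-1 hash that the signature covers.

```python
import hashlib
from dataclasses import dataclass, fields, replace


@dataclass(frozen=True)
class Covered:
    """Values RFC 4474 feeds into the Identity signature, in digest-string order."""
    from_uri: str
    to_uri: str
    call_id: str
    cseq: str          # "<number> <method>"
    date: str
    contact_uri: str
    body: str


def digest_string(m: Covered) -> str:
    # RFC 4474 digest-string: the covered values joined with "|" in fixed order.
    return "|".join(getattr(m, f.name) for f in fields(m))


def signed_hash(m: Covered) -> str:
    # RFC 4474 signs a SHA-1 hash of the digest-string with RSA. Only the hash is
    # modelled here (assumption): a different hash means the signature check fails.
    return hashlib.sha1(digest_string(m).encode()).hexdigest()


def changed_fields(sent: Covered, received: Covered) -> list:
    # Names of covered fields that differ between what was signed and what arrived.
    return [f.name for f in fields(sent)
            if getattr(sent, f.name) != getattr(received, f.name)]


def identity_still_valid(sent: Covered, received: Covered) -> bool:
    return signed_hash(sent) == signed_hash(received)


# Constructed sample request values (not taken from the thread).
SENT = Covered(
    from_uri="sip:alice@atlanta.example.com",
    to_uri="sip:bob@biloxi.example.org",
    call_id="a84b4c76e66710",
    cseq="314159 INVITE",
    date="Thu, 21 Feb 2002 13:02:03 GMT",
    contact_uri="sip:alice@pc33.atlanta.example.com",
    body="v=0\r\no=- 0 0 IN IP4 192.0.2.1\r\n",
)
# A hypothetical intermediary that rewrites only Call-ID.
REWRITTEN = replace(SENT, call_id="b2bua-7f3e@sbc.example.net")

if __name__ == "__main__":
    print(changed_fields(SENT, REWRITTEN), identity_still_valid(SENT, REWRITTEN))
```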