Re: [Sip] Thoughts on SIP Identity issues
At Thu, 31 Jul 2008 20:54:43 -0400,
Hadriel Kaplan wrote:
>
>
>
> > -----Original Message-----
> > From: Eric Rescorla [mailto:ekr at networkresonance.com]
> >
> > Funny you should mention that.
> >
> > It's becoming increasingly clear that VBR codecs leak a fair
> > amount of information, even when they are encrypted [WBC+08].
> > So, if, for instance, you were planning to use a fixed-rate
> > codec and an attacker could force you into a VBR codec, that
> > might leak information.
>
> Fascinating paper. (truly) But it sounds more like just a reason to
> fix SRTP for VBR, through random padding or whatever.

I haven't studied the problem, but I suspect random padding
is of limited use because it averages out. Probably better
to use a fixed length codec.

However, I think focusing on that misses the larger point: the UAC and
UAS have certain desires as expressed in the messages/SDP.
To the extent to which we allow the intermediaries to change
those messages, we need to carefully analyze each instance,
and this analysis may actually depend on facts yet to be
discovered.

-Ekr
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip
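
The averaging argument about random padding in the reply above can be checked with a small simulation, added here as an example that is not part of the original message or of [WBC+08]. The frame sizes, the uniform padding scheme, and an observer who uses only the mean packet length are all constructed assumptions; the fixed-length mode is included for comparison.

```python
import random
from statistics import mean

# Constructed frame sizes in bytes for two hypothetical utterances (not data from [WBC+08]).
FRAMES = {"A": [24, 32, 40], "B": [32, 40, 48]}
MAX_PAD = 64     # random padding is uniform in 0..MAX_PAD bytes (assumed scheme)
FIXED_LEN = 48   # fixed-length mode: every packet padded to the largest frame

def observed_len(payload, mode, rng):
    """Length an on-path observer sees for one encrypted packet."""
    if mode == "random":
        return payload + rng.randint(0, MAX_PAD)
    if mode == "fixed":
        return FIXED_LEN
    return payload  # mode == "none"

def expected_len(label, mode):
    """Mean observed length for one utterance under a padding mode."""
    if mode == "fixed":
        return FIXED_LEN
    base = mean(FRAMES[label])
    return base + (MAX_PAD / 2 if mode == "random" else 0)

def guess(lengths, mode):
    """Observer guesses the utterance from the average packet length alone."""
    threshold = (expected_len("A", mode) + expected_len("B", mode)) / 2
    return "B" if mean(lengths) > threshold else "A"

def accuracy(mode, n_packets, trials=200, seed=1):
    """Fraction of correct guesses over balanced trials of n_packets each."""
    rng = random.Random(seed)
    correct = 0
    for label in ("A", "B"):
        for _ in range(trials):
            lengths = [observed_len(rng.choice(FRAMES[label]), mode, rng)
                       for _ in range(n_packets)]
            correct += guess(lengths, mode) == label
    return correct / (2 * trials)

if __name__ == "__main__":
    for mode in ("none", "random", "fixed"):
        for n in (1, 50, 400):
            print(f"{mode:6s} n={n:3d} accuracy={accuracy(mode, n):.2f}")
```

In this model random padding lowers the observer's accuracy on a single packet, but the accuracy climbs back toward 1 as more packets are averaged, while fixed-length packets leave it at chance.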