[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] Thoughts on SIP Identity issues

To: "'Eric Rescorla'" <ekr at networkresonance.com>, "'Elwell, John'" <john.elwell at siemens.com>
Subject: Re: [Sip] Thoughts on SIP Identity issues
From: "Dan Wing" <dwing at cisco.com>
Date: Tue, 5 Aug 2008 07:56:12 -0700
Authentication-results: sj-dkim-1; header.From=dwing at cisco.com; dkim=pass ( sig from cisco.com/sjdkim1004 verified; );
Cc: 'Cullen Jennings' <fluffy at cisco.com>, 'SIP IETF' <sip at ietf.org>, "'Uzelac, Adam'" <Adam.Uzelac at globalcrossing.com>
Delivered-to: ietfarch-sip-web-archive at core3.amsl.com
Delivered-to: sip at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; l=842; t=1217948173; x=1218812173; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing at cisco.com; z=From:=20=22Dan=20Wing=22=20<dwing at cisco.com> |Subject:=20RE=3A=20[Sip]=20Thoughts=20on=20SIP=20Identity= 20issues |Sender:=20; bh=omRycWAx/RXJh3Dc30o7tooJSNqNoJkDCS/0c1zBoxE=; b=A/6qYMfHhrzHMn1sivzsxuzc5u2F+gQNMj39RZsXWT6car8lp7CTU9Go7X IAE3Wp8UzeMHMY5g50nSZB6d2iu3pY2XkNy2Ggo4q7/s6KXD/aJFlem/ZCRV gAlwqgrCj2J7oOhJJ6kzmrH5tY8CUUKQD0bb4Mk3aE2qdOs5wxHwI=;
In-reply-to: <20080805145945.5B61650846@romeo.rtfm.com>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
References: <0D5F89FAC29E2C41B98A6A762007F5D0F266CD@GBNTHT12009MSX.gb002.siemens.net><02829328-7B0E-41AB-B325-01246363D09C@cisco.com><4DAE5E60BA49D8419D7C8832503F5FFC072817AF26@EVS10.ams.gblxint.com><0D5F89FAC29E2C41B98A6A762007F5D0F26CCB@GBNTHT12009MSX.gb002.siemens.net><48919248.7060600@cisco.com><0ae201c8f310$d183a0f0$3675150a@cisco.com><E6C2E8958BA59A4FB960963D475F7AC30F04C561DB@mail.acmepacket.com><20080731205152.03E7E514892@kilo.rtfm.com><E6C2E8958BA59A4FB960963D475F7AC30F04C5632F@mail.acmepacket.com><20080801010212.654B5515743@kilo.rtfm.com><0a2101c8f3b1$b75dd500$6a94150a@cisco.com><20080801134611.1B8C9516C54@kilo.rtfm.com><0D5F89FAC29E2C41B98A6A762007F5D0F565E1@GBNTHT12009MSX.gb002.siemens.net> <20080805145945.5B61650846@romeo.rtfm.com>
Sender: sip-bounces at ietf.org
Thread-index: Acj3CqnEDe6Ho8ICQC6wcC4x4trtIgAAC+ag

...
> Sure, but again, that requires examining every single piece 
> of the message
> which you wish to exampt from the signature and determine whether
> there is some important attack that can be mounted by modifying
> that section. As I noted above, those questions are not necessarily
> immediately apparent.

Implicit in that argument is that 4474 got it right.

We know it already isn't done correctly with RFC4474 for unidirectional media
(draft-kaplan-sip-baiting-attack).  To get bi-directional media, an attacker
would need to share a NAT or a TURN server with the identity they want to
spoof (e.g., a bank, a pizza restaurant, a political organization), and the
attacker would need to obtain the same UDP port from the NAT or TURN server
within RFC4474's replay window (which is recommended to be 10 minutes).

-d

_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip

Follow-Ups:
- Re: [Sip] Thoughts on SIP Identity issues
  - From: Eric Rescorla

References:
- [Sip] Thoughts on SIP Identity issues
  - From: Elwell, John
- Re: [Sip] Thoughts on SIP Identity issues
  - From: Cullen Jennings
- Re: [Sip] Thoughts on SIP Identity issues
  - From: Uzelac, Adam
- Re: [Sip] Thoughts on SIP Identity issues
  - From: Elwell, John
- Re: [Sip] Thoughts on SIP Identity issues
  - From: Jonathan Rosenberg
- Re: [Sip] Thoughts on SIP Identity issues
  - From: Dan Wing
- Re: [Sip] Thoughts on SIP Identity issues
  - From: Hadriel Kaplan
- Re: [Sip] Thoughts on SIP Identity issues
  - From: Eric Rescorla
- Re: [Sip] Thoughts on SIP Identity issues
  - From: Hadriel Kaplan
- Re: [Sip] Thoughts on SIP Identity issues
  - From: Eric Rescorla
- Re: [Sip] Thoughts on SIP Identity issues
  - From: Dan Wing
- Re: [Sip] Thoughts on SIP Identity issues
  - From: Eric Rescorla
- Re: [Sip] Thoughts on SIP Identity issues
  - From: Elwell, John
- Re: [Sip] Thoughts on SIP Identity issues
  - From: Eric Rescorla

Prev by Date: Re: [Sip] Thoughts on SIP Identity issues
Next by Date: [Sip] Anti SPAM verification messages
Previous by thread: Re: [Sip] Thoughts on SIP Identity issues
Next by thread: Re: [Sip] Thoughts on SIP Identity issues
Index(es):
- Date
- Thread