Hi, Suppose a malicious user A initiates a call to a user B with the following INVITE to pretend a user C;
INVITE From: SIP URL of user C Remote-Party-ID: SIP URL of user A; privacy=full As in the sip-privacy draft, the proxy that serves to the user A verifies the Remote-Party-ID header field and it passes. However, the proxy has no way to check the contents of the From header, as they should be a cryptographically random identifier for the userinfo, and a non-identifying hostname, as specified in the draft. In this case, if the user B does not support the privacy extension, it must believe that the call has come from the user C. How can we prevent it? - Should the proxy check the validity of the From header? But how, if we allow a cryptographically random identifier in the userinfo? - Should we restrict the contents of the From header to specific values in case of full privacy, e.g. sip: dummy@localhost? But this may cause a problem in identifying a call. - Or, the proxy should always rewrite the contents of the From header with specific values? But, the SIP specs allow to rewrite the From header field? Comments, please. Regards, Takumi *************************************************** Takumi OHBA NTT Network Service Systems Laboratories tel +81 422 59 4405 fax +81 422 59 3494 e-mail [EMAIL PROTECTED] *************************************************** _______________________________________________ Sip-implementors mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
