Hi, Thank you for your response. Some additional questions below.
At 14:29 02/01/01 -0500, Jonathan Rosenberg wrote: > Old email, but I wanted to respond. > > Takumi Ohba wrote: > > > Hi, > > > > Suppose a malicious user A initiates a call to a user B with the following > > INVITE to pretend a user C; > > > > INVITE > > From: SIP URL of user C > > Remote-Party-ID: SIP URL of user A; privacy=full > > > > As in the sip-privacy draft, the proxy that serves to the user A verifies > > the Remote-Party-ID header field and it passes. > > However, the proxy has no way to check the contents of the From header, as > > they should be a cryptographically random identifier for the userinfo, a nd a > > non-identifying hostname, as specified in the draft. > > > > If you want to verify the authenticity of the caller, the right way to > do that is end-to-end authentication. Unfortunately, that is quite hard, > since you frequently receive calls from people you don't know, and > therefore some kind of user level PKI needs to be around in deployed, > which is not the case. > > Relying on hbh transitivity of trust for authenticated user identities > can also work, but is risky IMHO and not very likely. In case of full privacy, the calling user doesn't want to reveal his/her ide ntification to the called user. So, isn't end-to-end authentication suitable for this case? IMHO, the proxy that serves to the calling party is responsibe for checking the contents of the From header, if the network want to assure the correctn ess of the From header. If it is the case, how can the proxy assure that the From header cantains re al cryptographically random value? _______________________________________________ Sip-implementors mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
