Hi gurus, I've been going through a few megs of rfc's and drafts on SIP etc, and one thing just struck me, so I thought Id check.
Using the Digest authentication method, based on HTTP, could give me messageintegrity on the sip-body... So noone else should be able to send in registration claiming to be me etc....but is there anything stopping the attacker from modifying the Contact: -parameters? Since these are not the body..he could add whatever in those without anyone noticing right? (assuming he fixes the listing in the reply as well naturally) Or have I missed something? Kind Regards Taisto Qvist IP Solutions.se _______________________________________________ Sip-implementors mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
