Take a look at http://www.jdrosen.net/papers/draft-rosenberg-sip-http-pnonce-00.txt for a way to protect arbitrary SIP headers.
Thank you, Igor Slepchin > -----Original Message----- > From: Taisto Qvist [mailto:[EMAIL PROTECTED]] > > Hi gurus, > > I've been going through a few megs of rfc's and drafts > on SIP etc, and one thing just struck me, so I thought Id check. > > Using the Digest authentication method, based on HTTP, > could give me messageintegrity on the sip-body... > So noone else should be able to send in registration > claiming to be me etc....but is there anything stopping > the attacker from modifying the Contact: -parameters? > Since these are not the body..he could add whatever in those > without anyone noticing right? > > (assuming he fixes the listing in the reply as well naturally) > > Or have I missed something? > _______________________________________________ Sip-implementors mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
