Also look at the section on using S/MIME in RFC3261 and the refinement of it in draft-peterson-sip-identity-01.txt
RjS On Fri, 2002-09-20 at 14:36, Igor Slepchin wrote: > Take a look at > http://www.jdrosen.net/papers/draft-rosenberg-sip-http-pnonce-00.txt for a > way to protect arbitrary SIP headers. > > Thank you, > Igor Slepchin > > > > -----Original Message----- > > From: Taisto Qvist [mailto:[EMAIL PROTECTED]] > > > > Hi gurus, > > > > I've been going through a few megs of rfc's and drafts > > on SIP etc, and one thing just struck me, so I thought Id check. > > > > Using the Digest authentication method, based on HTTP, > > could give me messageintegrity on the sip-body... > > So noone else should be able to send in registration > > claiming to be me etc....but is there anything stopping > > the attacker from modifying the Contact: -parameters? > > Since these are not the body..he could add whatever in those > > without anyone noticing right? > > > > (assuming he fixes the listing in the reply as well naturally) > > > > Or have I missed something? > > > _______________________________________________ > Sip-implementors mailing list > [EMAIL PROTECTED] > http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors _______________________________________________ Sip-implementors mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
