Scott said what I was going to say, but apparently you didn't fully get
his point.
Anybody that you permit to register with your scheme can still put any
ip it wants into the the contact addresses it registers. So you haven't
solved the problem you set out to solve. Having something special in the
user part doesn't change that. From what I can see all it solves is if a
device *accidentally* registers to the wrong AOR but still constructs
the Contact address for the intended AOR.
As far as the acceptability of mandating a particular form for the user
part - it isn't going to happen. Devices have been granted that part for
their own use. There are many ways it can and is used by those UAs to
encode information that is useful to them.
Regarding your authentication example: if user2 does this, and the owner
of phone1 complains, then user2 can be punished. In any case, you can
modify your example so the contact used by user2 is:
<sip:[EMAIL PROTECTED]>. In that case the registrar will permit this
according to your proposal.
Paul
Iñaki Baz Castillo wrote:
> On Thursday 17 January 2008 13:22:04 Scott Lawrence wrote:
>> On Thu, 2008-01-17 at 11:01 +0100, Iñaki Baz Castillo wrote:
>>> Hi, because SIP design an UAC is responsible for setting its "Contact"
>>> field in the REGISTER. This can be used to spoof other UAS or gateways
>>> location by malicious users.
>>>
>>> There are "not very ellegant" solutions for this issue but I'm thinking
>>> about forcing a convention:
>>>
>>> A SIP UAC with AoR "sip:[EMAIL PROTECTED]" SHOULD send a REGISTER with:
>>> Contact: <sip:[EMAIL PROTECTED]>
>>> and the registrar server SHOULD reject any REGISTER with a "Contact" not
>>> respecting this convention for the registering AoR.
>>>
>>> I set "[EMAIL PROTECTED]" since "[EMAIL PROTECTED]"
>>> would not be secure in multidomain enviroments.
>>>
>>>
>>> What could be wrong with this convention? Would it break any feature, SIP
>>> extension or rule according to any existing RFC?
>> Well, to start with, nothing that I know of does that now, and I don't
>> know of any SIP device that let's you configure the user part of a
>> Contact address. Good luck getting the vendors to change...
>
> I just know Twinkle softphone that, opcionally, creates a username part as:
> user_domain_com
>
>
>
>> In any event - what's to keep the bad guy from just obeying your
>> convention? It doesn't prevent the abuse you're worried about.
>
> But the registrar could match the "Contact" URI with the AoR in "To"
> following
> the convention. If they don't match then the registrar should reject the
> REGISTER.
>
>
>> Just requiring that the REGISTER be authenticated such that the
>> authentication identity is valid for the To address (the AOR) seems good
>> enough to me.
>
> Not at all. Suposse two AoR's:
>
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
>
> A phone1 has registered the first AoR.
>
> A second device of second AoR could send a malicious REGISTER:
>
> REGISTER sip:registrar_server.com SIP/2.0
> From: <sip:[EMAIL PROTECTED]>
> To: <sip:[EMAIL PROTECTED]>
> Contact: <sip:[EMAIL PROTECTED]> <-- NOTE user1 !!
> Authentication: [EMAIL PROTECTED] ...
>
> So when someone calls "sip:[EMAIL PROTECTED]" then phone1 will ring.
> Now replace "[EMAIL PROTECTED]" with "[EMAIL PROTECTED]".
>
> The risk exists, sure. Authentication is not enouch at all.
>
>
>
_______________________________________________
Sip-implementors mailing list
[email protected]
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
