I doubt that the mentioned attack is truly the only one of concern; more attacks and solutions are discussed within rfc3261 section 26.
Concerning the cseq issue, one option is to delay updating the stored remote cseq value until request passes authentication. Section 26.3.2.4 provides some additional guidance about sending 401/407 responses statelessly. > -----Original Message----- > From: [email protected] [mailto:sip- > [email protected]] On Behalf Of radhakrishna > Sent: Wednesday, July 14, 2010 5:05 AM > To: 'Rastogi, Vipul (Vipul)'; [email protected] > Subject: Re: [Sip-implementors] How sip stack can recover from the > followingerror condition..... > > Hi, > > We are already aware that this can be avoided with TLS. But how > justified is > it to use TLS just for resolving this issue? > Thanks for the suggestion anyway. > > Can any one else provide a solution from a different angle? > > Regards, > RadhaKrishna _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
