> The interceptor didn't need credentials to get into a
> location server that might translate [EMAIL PROTECTED] to
> [EMAIL PROTECTED] They didn't need credentials to look
> in a directory server. They just pulled the information "off
> the wire" in such a way that Bob will be unable to know how
> the interceptor got his location.
>
> The ONLY defenses Bob has against this sort of thing are:
> 1) use an outbound proxy with TLS, which only works in some
> architectures
> 2) Train everybody that calls him to use SIPS instead of SIP.

Euh, not. There is also 3)

3) Have a policy in the proxy associated with Bob of not delivering anything but sips.

This whole debate is kind of ridiculous. It all boils down to this: either the end-user (Bob) is responsible for enforcing absolute privacy on the last hop, or (more likely), Bob's proxy is responsible for doing so. Or both.

The end-user mechanism is solved by Outbound. The proxy mechanism is solved by the proxy not delivering anything but SIPS in this case.

_______________________________________________
Sip mailing list
https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
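
The proxy-side policy from option 3 above, sketched as an added example that is not part of the original message or of any real SIP proxy. The names `SIPS_ONLY_AORS` and `decide_delivery`, and the sample addresses, are hypothetical; the sketch assumes the proxy knows the Request-URI and the registered contact for the user.

```python
# Added example: per-user "deliver nothing but sips" policy at Bob's proxy.
# All names and addresses are hypothetical, constructed for illustration.
from dataclasses import dataclass

# Users whose proxy policy is "sips only" (constructed sample data).
SIPS_ONLY_AORS = {"bob@example.com"}


@dataclass
class Decision:
    deliver: bool
    reason: str


def parse_uri(uri: str):
    """Split a SIP/SIPS URI into (scheme, user@host), dropping params/headers."""
    scheme, sep, rest = uri.strip().partition(":")
    if not sep or scheme.lower() not in ("sip", "sips"):
        raise ValueError(f"not a SIP or SIPS URI: {uri!r}")
    # Strip URI parameters (;transport=...) and headers (?subject=...).
    addr = rest.split(";", 1)[0].split("?", 1)[0]
    # Lowercasing the whole address is a simplification for the policy lookup.
    return scheme.lower(), addr.lower()


def decide_delivery(request_line: str, contact_uri: str) -> Decision:
    """Decide whether the proxy forwards a request to the registered contact."""
    parts = request_line.split()
    if len(parts) != 3 or parts[2] != "SIP/2.0":
        return Decision(False, "malformed request line")
    try:
        req_scheme, aor = parse_uri(parts[1])
        contact_scheme, _ = parse_uri(contact_uri)
    except ValueError as exc:
        return Decision(False, str(exc))
    if aor not in SIPS_ONLY_AORS:
        return Decision(True, "no sips-only policy for this user")
    # Caller used sip: so earlier hops may have been in the clear.
    if req_scheme != "sips":
        return Decision(False, "policy: request was not addressed with sips")
    # Last hop must also be sips, or the location leaks on the final leg.
    if contact_scheme != "sips":
        return Decision(False, "policy: last hop to contact is not sips")
    return Decision(True, "sips on request and on last hop")
```
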