Dean Willis wrote:

On Apr 13, 2007, at 9:58 AM, Paul Kyzivat wrote:

*This* message only reveals that Alice *thinks* Bob is reachable at that address. It's no worse than intercepting an email from Alice to Charlie that mentions the sip (or sips) address of Bob.


Trust me, the spooks look for those too.

If you want to prevent Alice from disclosing the address of Bob then you have a much harder problem. I don't think this is solvable in practice, nor do I think it needs to be solved.

If Alice had just not sent the request via SIP, but used SIPS, then it would have been solved.

Unless Alice believes that the address itself is a secret to be protected, she may not protect it.

AFAIK, there has never been any expectation that the presence of "sips" in the URI carried an expectation that somebody possessing such an address keep it confidential. Quite to the contrary, I have assumed that the expectation was that it might be put on business cards, stored in directories, ENUM, etc.

Since traceroute on biloxi.example.com may well give us a good idea of the physical location of biloxi.example.com, an interceptor picking up this message would have a good chance of being able to find Bob.

No. Only Bob's home proxy.

In the call flow described (from 3665) there is no home proxy.

THERE IS NO REQUIREMENT THAT SIP USERS HAVE A HOME PROXY AND I WOULD BE VERY HAPPY IF PEOPLE WOULD REMEMBER THAT!

It's fine for there to be no home proxy. But if so, then Bob must publicize his actual address, and expect that bad guys may get access to it.

But IF there had been a home proxy in this example, and the request were intercepted between Bob's home proxy and Bob, then it would reveal Bob's location as understood by Bob's home proxy.

I thought the idea was that Bob himself had only the sips address. So the link between Bob's home proxy and Bob would always be via TLS. So the message won't be intercepted on that leg. It would have to be intercepted before reaching his home proxy. And there it would only reveal his AOR.

Assuming that this message is sent unencrypted when used with SIP (instead of SIPS), it's relatively easy to intercept. The interceptor didn't need credentials to get into a location server that might translate [EMAIL PROTECTED] to [EMAIL PROTECTED] They didn't need credentials to look in a directory server. They just pulled the information "off the wire" in such a way that Bob will be unable to know how the interceptor got his location.

I don't see how this discloses the address [EMAIL PROTECTED], which is the only one that Bob has any chance of hiding. All Bob needs to do is be careful in what he puts into his *response* to the above invite. (E.g. He shouldn't put his contact address if he is rejecting the call, and he should ensure his address isn't mentioned in a H-I header.) If he is really paranoid about this he could simply refuse to send any response to the invite, and let it time out.

It discloses "[EMAIL PROTECTED]" by the very simple mechanism of including both "[EMAIL PROTECTED]" and "[EMAIL PROTECTED]" in a plain-text message. This disclosure occurs even if Bob never responds to the request, and even if Bob never even RECEIVES the request.

I guess we are making some significantly different assumptions about what is going on.

        Paul

_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
