Hi Fredrik,

1) In this version I added text in the current Security Consideration to help clarify this. See the diffs in Section 13 here:
http://svn.resiprocate.org/rep/ietf-drafts/fluffy/draft-ietf-sip-outbound.diff.html

I thought I already sent you a message about this topic, but in any case I will post my response here. The goal is to make sure that *no new attacks* are made possible by the introduction of this extension. An active attacker can hijack your TCP connection before you add outbound. If you want to prevent active attacks, you need TLS, whether you are using outbound or not. The most important thing to mention about the security of outbound is that it is at least as secure as SIP without outbound, and that the security gets quite good when you add Digest.

2) When we originally talked about Algorithm 1 vs. Algorithm 2, there was some attack we discussed that caused us to say that hijacking is possible without the additional security in Algorithm 2. I spoke with Cullen about this today, and neither of us could recall the specific attack. It is possible that Algorithm 2 only prevents attacks that are irrelevant based on the principle I mention in point 1 above, but I want to make sure that we go back and look at the specific cases that were mentioned on the list.

thanks,
-rohan

On 7/5/07, Fredrik Thulin <[EMAIL PROTECTED]> wrote:
DRAGE, Keith (Keith) wrote:
> (As WG chair)
>
> We now have a new version of outbound. There hasn't exactly been a
> flurry of comments since it was posted - does that mean it is now ready
> for WGLC?
>
> It has agenda time at the next IETF meeting, with a view to starting
> WGLC not long after that meeting. If you believe there are issues with
> the current version of this document, then you need to post them to the
> list, so that they can be either resolved there, or addressed in the
> meeting.

I never received an explanation of what kind of attacks could be avoided by an edge proxy using an algorithm that generates flow tokens that "cannot be modified by attackers" (section 5.2 of outbound-09).

This was the last e-mail in the thread the last time I brought it up on the list: http://www1.ietf.org/mail-archive/web/sip/current/msg18336.html.

This leads me to think that either 1) the security threats haven't been addressed properly or 2) that there in fact was no security threat so the requirement for an edge proxy to generate flows that "cannot be modified by attackers" is just unnecessary, and should therefore be removed or 3) there really _is_ something that gets significantly better by this requirement, and it should simply be explained in the draft.

/Fredrik

_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
