Eric Rescorla wrote:
At Fri, 27 Jul 2007 09:39:06 -0700,
Michael Thomas wrote:
Rohan Mahy wrote:
Michael,
At issue here is what the default implementor is likely to do. With a
new 4xx, the misguided but well-meaning implementor is likely to try
to "helpfully" "repair" the error without thinking about or
understanding the security context.
Using a Warning code raises the bar significantly, but still allows
automata to at least log what happened.
As I said, a receiver is completely at liberty to prevent the downgrade
by not accepting the downgraded request.
Unless, of course, someone is impersonating the receiver.
Given how tangled up SIPS is, I really have no idea what you're talking
about, or whether it's even responsive to my suggestion. Last I heard,
the entire raison d'etre of SIPS was that the next hop is cryptographically
identified via TLS. I'm guessing that you're not suggesting that TLS
is useless against impersonation attacks.
Mike
_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip