Cullen Jennings wrote:
I will note that we do have security mechanism to provide
confidentially over the bodies (but not headers) for attacks from
proxies we do not have a trust relationship with - and this is one of
the aspects used in determining if certain semantics might be better in
a body or header.
Cullen <with my individual hat on>
PS - I fail to see how sipsec will help with the basic problem of if
Alice sends a call to a proxy and the proxy routes the call to some
evil user instead of sending it to Bob.
The assumption in sipsec is that Bob has a X.509 cert that Alice
verifies directly. It may be a self-signed cert, or it may be rooted
in a common CA. If former, then a fingerprint could be exchanged
a-priori between Alice and Bob.
Thanks,
- vijay
--
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
2701 Lucent Lane, Rm. 9F-546, Lisle, Illinois 60532 (USA)
Email: [EMAIL PROTECTED],bell-labs.com,acm.org}
WWW: http://www.alcatel-lucent.com/bell-labs
_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
