Hi!

Sorry for jumping in so late. I have a question regarding the first 
attack scenario:

What if Bob sends a reINVITE immediately after Alice has accepted the 
phone call? If the reINVITE contains Bob's SDP and Alice's client accept 
unsigned reIVNTEs then Bob would also have 2-way audio.

regards
klaus

Hadriel Kaplan schrieb:
> FYI, the draft on the Baiting attack with RFC4474 has been updated:
> http://www.ietf.org/internet-drafts/draft-kaplan-sip-baiting-attack-02.txt
> 
> I changed section 12.1 possible solution to the problem of the request being 
> delivered to unintended recipients.
> 
> This new solution only works for true SIP ends, vs. to a PSTN-gateway, but 
> based on the mailing list discussion so far that appears to be a behavior the 
> WG may want in the end.
> (Personally I feel one might as well then only make RFC4474 work for SIPS 
> URIs with S/MIME bodies, but that's just personal opinion)
> 
> -hadriel
> 
> _______________________________________________
> Sip mailing list  http://www.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol
> Use [EMAIL PROTECTED] for questions on current sip
> Use [EMAIL PROTECTED] for new developments on the application of sip
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip

Reply via email to