------- Original message ------- From: Eric Rescorla <[EMAIL PROTECTED]> Cc: [email protected], [EMAIL PROTECTED] Sent: 15.3.'08, 8:35
> At Fri, 14 Mar 2008 21:36:29 -0500, > Dean Willis wrote: > > You MUST sign in order to be able to use DTLS-SRTP effectively. > > This is not correct. > > Even in the absence of signatures, DTLS-SRTP provides significant > value because you need to actively modify both the signalling > and the media (what draft-ietf-sip-media-security-requirements > calls active-signaling-active-media). AFAIK (which admittedly is not all that far) if you have no fingerprint, you lose a key advantage of DTLS-SRTP, which is the ability to correlate media and signaling. Without this, we're still subject to all the media insertion attacks, some of which do not even require MITM. -- dean _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
