> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean > Willis > > ------- Original message ------- > From: Eric Rescorla <[EMAIL PROTECTED]> > > Even in the absence of signatures, DTLS-SRTP provides significant > > value because you need to actively modify both the signalling > > and the media (what draft-ietf-sip-media-security-requirements > > calls active-signaling-active-media). > > AFAIK (which admittedly is not all that far) if you have no fingerprint, > you lose a key advantage of DTLS-SRTP, which is the ability to correlate > media and signaling. Without this, we're still subject to all the media > insertion attacks, some of which do not even require MITM.
Eric (I think) and I are not talking about having no dtls-srtp fingerprint - that's an SDP attribute. We're talking about not having the rfc4474 signature signing that fingerprint attribute. Even without the rfc4474 signature, an attacker has to be able to modify that SDP fingerprint attribute to succeed, and thus be in the signaling path. The rfc4474 signature just prevents anyone between the signer and verifier from being able to do so. If the rfc4474 mechanism is signed at the originating domain and verified at the terminating domain, that's fairly useful. It's not secure end-to-end, because anything between the UAC and signer, the signer itself, the verifier itself, or anything between the verifier and the UAS, can be active mitm. But the assumption is the UAC trusts its domain, and the UAS trusts its domain, and the domains trust each other. But if rfc4474 can be re-signed by middle-domains willy-nilly, then it's just hop-by-hop trust which SIP already has today so there's little point in incurring the cost of signing and verifying. The dtls-srtp-framework fingerprint attribute already has the hop-by-hop trust model without rfc4474. -hadriel _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
