Hi
I've read sip-policy-framework draft recently
The "Security Consideration" part mainly talks about the confidentiality
issues . But I think there is one more security consideration which isn't taken
into account in this draft. As there is no mechanism helping the proxy ensure
the UA has changed the parameter of the request according to the policy
received from a policy server. Thus the UA or attacker may change the policy
for some malicious purposes, and proxy will foward the session since there are
already "Policy-Id" in place.
Do you think it's a security problem or not? Can anyone give some suggest of
how to solve it?
Any comment is appreciated.
---------------------------------
雅虎邮箱,您的终生邮箱!_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
