At Tue, 29 Jul 2008 17:53:40 +0100,
Elwell, John wrote:
>
> Throughout the ongoing discussions, and in particular at today's
> meeting, I seem to encounter two separate, IMO flawed arguments.
>
> Flawed argument 1:
> RFC 4474 is not just for securing the DTLS-SRTP certificate fingerprint,
> but also for securing any sort of SIP request, which might not even be
> session-related (e.g., MESSAGE, SUBSCRIBE). Therefore we can't change
> what is signed, because that would break these other usages, and even to
> some extent it would break its usage with requests that do contain SDP
> but do not involve DTLS-SRTP.
>
> This is flawed, because it does not accept the possibility of signing a
> different set of data when using DTLS-SRTP, whereby we ensure that
> important things like the certificate fingerprint and codecs get signed,
> but not things that might legitimately change en route, such as IP
> addresses and ports. In other words, SIP requests carrying DTLS-SRTP
> certificate fingerprints do not have the same requirements on integrity
> protection as other SIP requests.

Well, I was the one who offered an argument of this type, but it's
not quite what I'm saying. Rather, I'm saying that Identity is not
only to allow DTLS-SRTP, but also to protect other usages, so if
your proposal involves changing fields which would render those other
usages insecure, we have a potential problem.

For instance, as I understood Hadriel's comments at the mike, he thinks
he should be able to change Call-ID in non-offer/answer cases. Before we
consider that, we would need a security analysis of the impact of
changing Call-ID.

-Ekr
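
For reference, an added example that is not part of either message: it builds the RFC 4474 digest-string (the fields the Identity signature covers) for an INVITE and shows that rewriting the SDP address and port, or Call-ID, changes the signed hash even though the certificate fingerprint is untouched. The dict layout, helper names and all sample values are constructed for illustration.

```python
import hashlib

# Constructed sample INVITE (documentation addresses; fingerprint is a placeholder).
SDP = "\r\n".join([
    "v=0", "o=alice 1 1 IN IP4 192.0.2.10", "s=-",
    "c=IN IP4 192.0.2.10", "t=0 0",
    "m=audio 49170 UDP/TLS/RTP/SAVP 0",
    "a=fingerprint:SHA-1 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33",
    "",
])
INVITE = {
    "from": "sip:alice@example.com", "to": "sip:bob@example.org",
    "call_id": "a84b4c76e66710", "cseq": 314159, "method": "INVITE",
    "date": "Tue, 29 Jul 2008 17:00:00 GMT",
    "contact": "sip:alice@192.0.2.10", "body": SDP,
}

def digest_string(msg):
    """RFC 4474 digest-string: From and To addr-specs, Call-ID, CSeq number
    and method, Date, Contact addr-spec (may be empty) and the exact body."""
    return "|".join([
        msg["from"], msg["to"], msg["call_id"],
        f'{msg["cseq"]} {msg["method"]}', msg["date"],
        msg.get("contact", ""), msg["body"],
    ])

def signed_hash(msg):
    # The Identity header is an RSA signature over the SHA-1 hash of the
    # digest-string, so equal hashes stand in for "signature still verifies".
    return hashlib.sha1(digest_string(msg).encode()).hexdigest()

def still_verifies(original, received):
    return signed_hash(original) == signed_hash(received)

def fingerprint(msg):
    return next(l for l in msg["body"].split("\r\n") if l.startswith("a=fingerprint:"))

def rewrite_media_address(msg, ip, port):
    """Model an intermediary changing the SDP c= address and m= port."""
    out = []
    for line in msg["body"].split("\r\n"):
        if line.startswith("c=IN IP4 "):
            line = "c=IN IP4 " + ip
        elif line.startswith("m="):
            parts = line.split(" ")
            parts[1] = str(port)
            line = " ".join(parts)
        out.append(line)
    return {**msg, "body": "\r\n".join(out)}
```
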
