At Wed, 6 Aug 2008 09:29:13 -0700, Dan Wing wrote: > > > > > -----Original Message----- > > From: Cullen Jennings [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, August 05, 2008 7:54 PM > > To: Dan Wing > > Cc: 'Eric Rescorla'; 'Elwell, John'; 'Hadriel Kaplan'; > > 'Jonathan Rosenberg'; 'SIP IETF'; 'Uzelac, Adam' > > Subject: Re: [Sip] Thoughts on SIP Identity issues > > > > > > On Aug 5, 2008, at 10:26 , Dan Wing wrote: > > > > >>>> > > >>>> With that said, ISTM that this cuts against your argument > > >>>> that we should > > >>>> be signing less of the message, since the failure of RFC > > >> 4474 (to the > > >>>> extent there is one) in this case is that it doesn't protect > > >>>> *enough* information. > > >>> > > >>> Neither draft-fischer-sip-e2e-sec-media and > > >>> draft-wing-sip-identity-media > > >>> simply "sign less" -- please do not mis-characterize the > > >>> proposals. Both > > >>> proposals require a public key exchange with the remote > > >>> party -- which > > >>> is far stronger than just using the IP address of the remote party > > >>> as is done by RFC4474. > > >> > > >> I don't actually think this characterization of 4474 is that > > >> accurate. > > >> RFC 4474 does not use the IP address for authenticating the media. > > >> Rather, it authenticates the IP address as well as the rest of the > > >> SDP > > > > > > Which draft-kaplan-sip-baiting shows is insufficient at its intended > > > purpose. > > > > I probably disagree but to sort that out ... What exactly do you see > > as the purpose of 4474 which the baiting draft shows it does not meet? > > The purpose of 4474 is to identity the calling party.
Well, I wasn't an author of 4474, but that's not what I take to be its purpose. Rather, I think the purpose is to provide cryptographic data origin authentication and message integrity, which it does. Here's what the abstract says: The existing security mechanisms in the Session Initiation Protocol (SIP) are inadequate for cryptographically assuring the identity of the end users that originate SIP requests, especially in an interdomain context. This document defines a mechanism for securely identifying originators of SIP messages. It does so by defining two new SIP header fields, Identity, for conveying a signature used for validating the identity, and Identity-Info, for conveying a reference to the certificate of the signer. The identity of the message originator is a critical part of identifying the calling party, but I think it's also equally clear that it's necessary but not sufficient, since in the absence of cryptographic authentication for the media (i.e., SRTP), a sufficiently powerful (i.e., onpath) attacker can still cause mismatches between the displayed identity and the actual source of the media. For instance, if the attacker can convince Alice to call Bob, he can then hijack the media, no matter what cryptographic authentication is applied to the signalling. So, providing accurate caller identification can't be the purpose of RFC 4474 since it's trivially apparent it can't fulfill it. I would observe that this is also true about the non-SRTP proof of identity mechanisms described in draft-wing-sip-identity-media. For instance, if you use the ICE exchange described in S 4.3, the attacker can simply allow the ICE exchange to complete but then hijack the media afterwards. What ICE is providing is a liveness test for the signalling but that serves to make this an on-path attack, not to block it entirely. -Ekr _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
