Hi Dan,

Please, see my comments inline.

On Wed, Oct 29, 2008 at 4:42 AM, Dan Wing <[EMAIL PROTECTED]> wrote:
>> 2008/10/28 Dan Wing <[EMAIL PROTECTED]>:
>> > Here is another return routability check,
>> > http://tools.ietf.org/html/draft-wing-sip-e164-rrc-01#section-3.1
>> > (My I-D expired due to lack of interest.)
>>
>> It uses RFC 4474, certificates... is it really feasible in
>> this real world?
>
> No, it doesn't use RFC4474. The steps merely show where an RFC4474
> signature could be performed. If no RFC4474 signatures are
> being created, or validated, those steps are the 'null operation'
> (not performed). Without those steps, it is remarkably similar
> to DERIVE.
>
>> IMHO "Dialog Event foR Identity VErification" is the more feasible
>> solution at the moment.
>
> The differences are minor.

The Return Routability Check (RRC) determines if a domain rightfully
'owns' an E.164 phone number, but DOES NOT prevent an attacker from
presenting a forged "From" header field. As an example:

INVITE sip:[EMAIL PROTECTED] SIP/2.0
From: +14085551234 <sip:[EMAIL PROTECTED];user=phone>;tag=9fxced76sl
To: Victor <sip:[EMAIL PROTECTED]>
Call-ID: [EMAIL PROTECTED]
Contact: <sip:[EMAIL PROTECTED]>
Content-Type: application/sdp
Content-Length: ...

[SDP not shown]

Where iptel.org owns the +14085551234 number.

Section 3.2:
- The SUBSCRIBE should be immediately acknowledged
- A NOTIFY should be immediately created and sent

Moreover IMO:
- it requires the use of signatures (or RFC4474): see Sections 3, 3.1 and 3.2
- it is defined to be used only with e164-based SIP URIs

In short, this is a good document but, as I mentioned before, ONLY
determines if a domain rightfully 'owns' an E.164 phone number, it
doesn't ask "are you calling me?"

Thanks a lot for your comments,
-- 
Victor Pascual Ávila
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
