On Nov 21, 2008, at 7:16 AM, Elwell, John wrote:
Well, you could argue that P-Asserted-Identity is btn security - you
simply have to trust the chain of SIP intermediaries without having
visibility of who exactly is in that chain. I am not convinced that
DERIVE, either in its current documented form or taking into account
the many helpful suggestions during the last couple of weeks, can really
claim to add very much.
So here's a scenario to play against. It's not exactly in the scope of
DERIVE, although one might see DERIVE as a defense.
I create a CA cert claiming to be for "elwell.org" and use it to sign a
cert for "sip.elwell.org".
I then generate INVITE requests for everybody on the SIP mailing list,
with RFC 4474 Identity headers signed by "sip.elwell.org" and send
them off UDP. Not from a real SIP UA, but from a simple harassment
program.
How many phones ring straight away? How many other people are going to
look at the cert, presume you are a reasonable guy to be getting a
signed request from and accept the call?
How do existing identity mechanisms protect against this? What other
mechanisms might be operationally used to check it?
Remember, with BTN security, we're talking "things that keep basic
script kiddies from being annoying", not "things that defeat somebody
who can cache-poison DNS" (although there may be some script-kiddies
doing that these days).
--
Dean
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol