On Nov 21, 2008, at 10:04 AM, Hadriel Kaplan wrote:
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Dean
Willis
Sent: Friday, November 21, 2008 10:56 AM
I crate a CA cert claiming to be for "elwell.org" and use it to
sign a
cert for "sip.elwell.org".
I then generate INVITE requests for everybody on the SIP mailing
list,
with RFC 4474 Identity headers signed by "sip.elwell.org" and send
them off UDP. Not from a real SIP UP, but from a simple harassment
program.
How do existing identity mechanisms protect against this?
The answer to that is simple: will you pay for the calls?
Pay? I have yet to pay (beyond the basic transport cost) for a SIP
call using a domain-style address.
--
Dean
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
