Raphael Coeffic wrote:
> Dan Wing wrote:
>> Thanks for publishing that attack. It has similarities with the attack
>> described by Hadriel in
>> http://tools.ietf.org/html/draft-kaplan-sip-baiting-attack.
>>
>
> Yes, it also modifies parts of the request which are not signed by the
> authentication/signature algorithm. I should mention this draft in a
> later version.
>
> However, the goal is not the same. Hadriel's draft is focused on
> impersonation, whereas the other draft is focused on breaking the
> authentication done at the proxy. The second difference is that it
> works right now with any publicly reachable SIP provider.
>
I'm intrigued by the variation in fig. 2. How often are you finding two
proxies in different administrative domains that use the same
credentials? Or is the attack more focussed towards Alice using multiple
sets of credentials?

I think that the variation in fig. 3 can be addressed to some degree by
using GRUU, but I don't think that completely solves the problem.

Regards,
Michael

_______________________________________________
Sip mailing list
https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [email protected] for questions on current sip
Use [email protected] for new developments on the application of sip
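Added example, not from either draft or from anyone on this thread, illustrating Raphael's point that the attack "modifies parts of the request which are not signed by the authentication/signature algorithm". SIP's HTTP Digest (RFC 3261 section 22, RFC 2617) with qop=auth hashes only the method and the digest-uri into HA2 (qop=auth-int additionally hashes the body, but still no header fields). The script below builds a REGISTER with a valid Authorization header, rewrites Contact and Via while leaving that header alone, and checks that a registrar's digest verification still passes; only a change to the Request-URI breaks it. The credentials, nonce, addresses and the registrar-side verify() are constructed for the demonstration and are not taken from any real deployment.

```python
"""What SIP Digest authentication binds, and what it leaves unsigned.

Constructed example: credentials, nonce and addresses are hypothetical.
"""
import hashlib
import re

USERNAME = "alice"
REALM = "example.com"
PASSWORD = "s3cret"                              # constructed
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"     # constructed server nonce
CNONCE = "0a4f113b"
NC = "00000001"
QOP = "auth"


def md5hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(method: str, uri: str, nonce: str = NONCE, cnonce: str = CNONCE,
                    nc: str = NC, qop: str = QOP) -> str:
    """RFC 2617 response for qop=auth: HA2 = MD5(method ':' digest-uri)."""
    ha1 = md5hex(f"{USERNAME}:{REALM}:{PASSWORD}")
    ha2 = md5hex(f"{method}:{uri}")          # no Via, Contact, From or To in here
    return md5hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def authorization_header(method: str, uri: str) -> str:
    return (f'Digest username="{USERNAME}", realm="{REALM}", nonce="{NONCE}", '
            f'uri="{uri}", qop={QOP}, nc={NC}, cnonce="{CNONCE}", '
            f'response="{digest_response(method, uri)}"')


def register_request(contact: str, via: str, uri: str = "sip:example.com") -> str:
    """A constructed REGISTER carrying a valid Authorization header."""
    lines = [
        f"REGISTER {uri} SIP/2.0",
        f"Via: SIP/2.0/UDP {via};branch=z9hG4bK776asdhds",
        "From: <sip:alice@example.com>;tag=1928301774",
        "To: <sip:alice@example.com>",
        "Call-ID: a84b4c76e66710@192.0.2.10",
        "CSeq: 2 REGISTER",
        f"Contact: <{contact}>",
        "Expires: 3600",
        "Authorization: " + authorization_header("REGISTER", uri),
        "Content-Length: 0",
    ]
    return "\r\n".join(lines) + "\r\n\r\n"


def parse_request(raw: str):
    """Split a SIP request into (method, request_uri, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, request_uri, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return method, request_uri, headers, body


def verify(raw: str) -> bool:
    """Registrar-side check (constructed): recompute the response from the request line."""
    method, request_uri, headers, _ = parse_request(raw)
    auth = headers.get("authorization", [""])[0]
    if not auth.startswith("Digest "):
        return False
    params = {k: v for k, _, v in re.findall(r'(\w+)=("?)([^",]*)\2', auth[7:])}
    if (params.get("username"), params.get("realm"), params.get("nonce")) != (USERNAME, REALM, NONCE):
        return False
    if params.get("uri") != request_uri:     # RFC 3261 22.4: digest-uri must equal the Request-URI
        return False
    expected = digest_response(method, request_uri, params["nonce"], params["cnonce"],
                               params["nc"], params["qop"])
    return expected == params.get("response")


def replace_header(raw: str, name: str, value: str) -> str:
    """Rewrite one header field in place; the Authorization header is untouched."""
    return re.sub(rf"(?im)^{name}:[^\r\n]*", f"{name}: {value}", raw)


def demo() -> dict:
    original = register_request("sip:alice@192.0.2.10", "192.0.2.10:5060")
    # A relay can change Contact and Via: neither is covered by the digest ...
    relayed = replace_header(replace_header(original, "Contact", "<sip:alice@203.0.113.7>"),
                             "Via", "SIP/2.0/UDP 203.0.113.7:5060;branch=z9hG4bKrelay")
    # ... but not the Request-URI (or the method), which the digest does bind.
    retargeted = original.replace("REGISTER sip:example.com SIP/2.0",
                                  "REGISTER sip:other.example SIP/2.0", 1)
    return {"original": verify(original), "relayed": verify(relayed), "retargeted": verify(retargeted)}


if __name__ == "__main__":
    print(demo())
```

The rewritten request still verifies because nothing in the response computation depends on the Contact or Via values, which is why a registrar cannot tell from the digest alone that the registration binding it is about to install was chosen by someone other than the credential holder. Protecting those fields needs a mechanism that signs headers (e.g. an Identity-style signature over selected headers, or TLS hop-by-hop plus trust in the first hop), not a tweak to Digest.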
