Hadriel Kaplan wrote:
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of
Hadriel Kaplan
Sent: Saturday, March 07, 2009 7:31 PM
But anyway, I'm not sure what you mean by the question. How is what going
to work? Stopping INVITE-based authentication relay-attacks? You don't
need an SBC-type box to stop that. Just disconnect the cable. :)
Or, use the counter-measures in the draft. Or change the protocol, or at
least the authentication mechanism.
BTW, you don't need to be an SBC to have such policies. There is nothing in
RFC 3261 which prohibits a pure Proxy from restricting who it accepts INVITEs
from, and when. There are even some clever tricks one can do to make it a
stateless mechanism.
That's a good point. Requiring the user to be registered and only
accepting requests from the registered contacts provide a fair-enough
level of security concerning the attack debated. But I am still hoping
that we could find a solution not requiring this kind of measures, which
I would call "user-restricting".
-Raphael.
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [email protected] for questions on current sip
Use [email protected] for new developments on the application of sip
