> -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf Of > Jonathan Rosenberg > Sent: Monday, March 30, 2009 5:26 PM > > Consider this litmus test: > If the signaling actually came from Mary (perhaps as a third party), but > the media goes/comes to/from Bob, who should appear on the caller ID? I > say - Bob.
So what does 10.0.200.6:45001 mean to you? Bob or Mary? And since the SDP only indicates where to send your media to, not where it comes from, what does it mean to you to get a session request where the caller asks you to send media to 10.0.200.6:45001, but it can come from anywhere? The thing is an IP:port is NOT an Identity. It's not a secure assertion of anything. Signing it doesn't *prove* anything. It neither prevents media spoofing injection nor interception. It's only the signing of the dtls fingerprint by binding it to the signaling identity that provides strong "media" identity. -hadriel _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [email protected] for questions on current sip Use [email protected] for new developments on the application of sip
