> -----Original Message----- > From: Jon Peterson [mailto:[email protected]] > Sent: Monday, April 13, 2009 12:22 PM > To: Dan Wing; 'Francois Audet'; 'Elwell, John'; Dean Willis > Cc: Cullen Jennings; [email protected]; 'DRAGE,Keith (Keith)' > Subject: Re: [Sip] francois' comments and why RFC4474 not > used in the field > > > > >> The only thing this attack is meant to illustrate is why > it does matter who > >> sets the IP/port. I've gathered that some people in the > discussion reject > >> the notion that there are any threats related to the > setting the IP/port in > >> the signaling layer, so I'm trying to provide an example. > > > > That is because, ** in conjunction with media-path validation ** > > (which is the important point), the attack is prevented. > > You're talking about a solution here; I'm really trying to > establish that > there's a problem. The two are not mutually exclusively - > ideally we will > have both a problem and a solution. I am however uncertain > that we have a > common understanding of the problem. > > I'm not sure I know what you mean by media-path validation, > here, but I do > think that there are many important attacks against SIP that > accomplish > their aims without ever establishing a media session. These include > signaling-layer attacks that would, for example, tear down the media > associated with an existing call. I have a hard time seeing > how anything we > do at the media layer is salient to that - again, just > speaking to high > level examples, if you accept a forged BYE request,
The BYE would be protected from forgery sufficient to detect a forgery, using mechanisms like RFC4474 protects a BYE from forgery: signing enough SIP headers to block a forgery. > that will > presumably > convince you to tear down a call regardless of anything that > media-layer > security has established. I've argued a similar requirement exists to > prevent a forged re-INVITE that just sets the IP/port to > something useless. > When I hear you say that some property of media path prevents > this sort of > attack, then I gather we must disagree about the problem, not just the > solution. Can you explain a bit what you mean here by > media-path validation > and how it prevents the sorts of attacks I just mentioned? The media-path validation is useful for INVITEs which establish media. Other methods, which do not establish media -- BYE, MESSAGE, etc. -- would receive signatures very similar to what RFC4474 does. Namely, some certain SIP headers are signed and, if present, the body is signed. -d > Jon Peterson > NeuStar, Inc. > > > -d > _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [email protected] for questions on current sip Use [email protected] for new developments on the application of sip
