Re: [Sip] Request header integrity in HTTP Digest
Jonathan Rosenberg wrote:
> Folks,
>
> I've just submitted a new I-D to the archives. It proposes a mechanism that
> allows HTTP Digest to provide request header integrity. This means that the
> server can verify that the request was sent by a specific party, and that
> certain header fields, such as the To, From, Contact, and Call-ID, were not
> altered.
>
> Amazingly, the proposal requires no protocol changes in the way HTTP Digest
> works, nor does it require any change in the behavior of clients. It is
> purely a server implementation choice. I call the proposed approach
> "predictive nonces", as it's based on a computation of the nonce based on a
> prediction of the values of specific invariant headers in the resubmitted
> request (namely, that they are unchanged from the original request that is
> being challenged). It also works for HTTP, but is less useful there. The
> approach is totally stateless as well, unlike one time nonces, which are
> not.
>
> Until the draft appears in the archives, you can pick up a copy at:
>
> http://www.jdrosen.net/papers/draft-rosenberg-sip-http-pnonce-00.txt
>
> I think this will address some important security concerns raised on the
> list, many of which are summarized in the draft.
>
> Comments, questions, and criticisms welcome as always.
There is a large and obvious flaw: this mechanism provides NO protection
against sophisticated man-in-the-middle attacks. If the man in the middle
alters the first request and passes back the pnonce to the user, who
authenticates it, then when the man in the middle alters the second request it is
perfectly acceptable to the registrar. The backwards compatibility is exactly
the thing that breaks this attempted solution.

On the subject of man-in-the-middle attacks being too hard to launch, I'd direct
you to the recent problems of SourceForge.net and Apache.org, where an ISP was
compromised, leading to break-ins on both these sites through man-in-the-middle
attacks.
James Undery
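As an added illustration (not code from the draft or from either poster), here is a toy predictive-nonce check in Python: the nonce is an HMAC over the invariant headers the server saw when it issued the challenge, so the server stays stateless yet can tell whether those headers changed between challenge and resubmission. The key, the header set and SHA-256 are assumptions for the illustration, not the draft's exact construction; the third case in `demo()` shows the limitation raised in the reply, namely that a value changed before the challenge is simply bound into the nonce and verifies.

```python
import hashlib
import hmac

# Constructed demo key; a real server would use a secret, rotated key and
# would normally also fold a timestamp into the nonce to bound replay.
SERVER_KEY = b"constructed-demo-key"
INVARIANT_HEADERS = ("To", "From", "Call-ID", "Contact")


def predictive_nonce(headers, key=SERVER_KEY):
    """Nonce bound to the invariant header values seen at challenge time."""
    material = "\n".join(f"{h}: {headers.get(h, '')}" for h in INVARIANT_HEADERS)
    return hmac.new(key, material.encode(), hashlib.sha256).hexdigest()


def verify_resubmission(resubmitted_headers, nonce, key=SERVER_KEY):
    """True iff the headers seen now match the ones the nonce was issued for.

    No per-client state is needed: the server just recomputes the nonce from
    the resubmitted request and compares.
    """
    expected = predictive_nonce(resubmitted_headers, key)
    return hmac.compare_digest(expected, nonce)


def demo():
    # Constructed sample headers as the legitimate client sends them.
    original = {"To": "sip:alice@example.com", "From": "sip:bob@example.com",
                "Call-ID": "abc123@host.example", "Contact": "sip:bob@192.0.2.10"}
    nonce = predictive_nonce(original)

    # Case 1: unchanged headers resubmitted with credentials -> accepted.
    accepted = verify_resubmission(original, nonce)

    # Case 2: a header changed between challenge and resubmission -> rejected,
    # because the recomputed nonce no longer matches the one the client echoes.
    changed_later = dict(original, Contact="sip:other@192.0.2.99")
    rejected = not verify_resubmission(changed_later, nonce)

    # Case 3: the header the server saw at challenge time was already altered.
    # The nonce binds that altered value, so the matching resubmission verifies:
    # the check only spans challenge-to-resubmission, not client-to-server.
    altered_first = dict(original, Contact="sip:other@192.0.2.99")
    nonce_for_altered = predictive_nonce(altered_first)
    passes_anyway = verify_resubmission(altered_first, nonce_for_altered)

    return accepted, rejected, passes_anyway
```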
_______________________________________________
Sip mailing list
Sip@ietf.org
http://www.ietf.org/mailman/listinfo/sip