[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sip] verification of diversion header (draft-levy)

To: sip@ietf.org
Subject: [Sip] verification of diversion header (draft-levy)
From: Juha Heinanen <jh@tutpro.com>
Date: Thu, 4 Sep 2003 19:47:29 +0300
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/sip>,<mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>,<mailto:sip-request@ietf.org?subject=unsubscribe>
Sender: sip-admin@ietf.org

according to draft-levy-sip-diversion-06.txt, an UAS can include a
diversion header in 302 reply.  how can the proxy or UAC verify that the
uri included the diversion header really belongs to the user of the UAS?

security section of draft-levy doesn't mentions any problems related to
faked uri in the diversion header, but they can be very serious, e.g.,
cause someone else pay for the call diverted to an expensive pstn
number.

-- juha


_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip

Follow-Ups:
- Re: [Sip] verification of diversion header (draft-levy)
  - From: Cullen Jennings

Prev by Date: RE: [Sip] SIPIT Interop problem with ;user=phone
Next by Date: [Sip] sip-session-timer-11: why explicitly impose proxy restrictions on all the b2bua's
Previous by thread: [Sip] I-D ACTION:draft-camarillo-sip-rfc3312-update-00.txt
Next by thread: Re: [Sip] verification of diversion header (draft-levy)
Index(es):
- Date
- Thread