[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03

To: "Schneider, Peter (NSN - DE/Munich)" <peter.schneider at nsn.com>
Subject: Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
From: Dean Willis <dean.willis at softarmor.com>
Date: Fri, 26 Sep 2008 00:32:37 -0500
Cc: sip at ietf.org
Delivered-to: ietfarch-sip-web-archive at core3.amsl.com
Delivered-to: sip at core3.amsl.com
In-reply-to: <085BE88FD18EE94085EB8960172CA35901006162 at DEMUEXC006.nsn-intra.net>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
References: <085BE88FD18EE94085EB8960172CA35901005A00 at DEMUEXC006.nsn-intra.net> <C4FEC5F0.886C%hsinnrei at adobe.com> <085BE88FD18EE94085EB8960172CA35901005B9C at DEMUEXC006.nsn-intra.net> <48DB272C.2010802 at softarmor.com> <085BE88FD18EE94085EB8960172CA35901005EA6 at DEMUEXC006.nsn-intra.net> <3250A22A-B2B3-4504-8A2D-DED9382E5D53 at softarmor.com> <085BE88FD18EE94085EB8960172CA35901006162 at DEMUEXC006.nsn-intra.net>
Sender: sip-bounces at ietf.org


On Sep 25, 2008, at 2:51 PM, Schneider, Peter (NSN - DE/Munich) wrote:

Allowing lawful interception does not imply allowing anyone tointercept the communication. You must have access control for thefacilities that allow lawful interception. Compare this with theauthentication service described in RFC4474 (SIP identity). Whocontrols that service, can mount a man in the middle attack thatcannot be detected by the means provided by DTLS-SRTP.

Which is why DTLS-SRTP allows one to run the AS on the phone, and toverify the media-channel key fingerprint in voice or out-of-band. Ifyou do this, you can (assuming your OS hasn't been hacked), detectMITM attacks to the extend currently provided for by our mathematics.That's a lot stronger than what you get by trusting the bored hourlyworker down at the switching center.

Well, making DTLS-SRTP more adequate for 3GPP/TISPAN scenarios(excluding lawful interception) without making it weaker would be agood thing - better now?


That sounds pretty reasonable :-).

--
Dean
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip

Follow-Ups:
- Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
  - From: Schneider, Peter (NSN - DE/Munich)

References:
- Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
  - From: Schneider, Peter (NSN - DE/Munich)
- Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
  - From: Henry Sinnreich
- Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
  - From: Schneider, Peter (NSN - DE/Munich)
- Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
  - From: Dean Willis
- Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
  - From: Schneider, Peter (NSN - DE/Munich)
- Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
  - From: Dean Willis
- Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
  - From: Schneider, Peter (NSN - DE/Munich)

Prev by Date: Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
Next by Date: [Sip] Subnot etags ready?
Previous by thread: Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
Next by thread: Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
Index(es):
- Date
- Thread