Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
Ok, you guys finally succeeded in convincing me: Interception is bad for people!
See also one inline remark below.
Peter
> -----Original Message-----
> From: ext Dean Willis [mailto:dean.willis at softarmor.com]
> Sent: Friday, 26 September 2008 07:33
> To: Schneider, Peter (NSN - DE/Munich)
> Cc: sip at ietf.org
> Subject: Re: AW: [Sip] Pub request for
> draft-ietf-sip-dtls-srtp-framework-03
>
>
> On Sep 25, 2008, at 2:51 PM, Schneider, Peter (NSN - DE/Munich) wrote:
> >>
> > Allowing lawful interception does not imply allowing anyone to
> > intercept the communication. You must have access control for the
> > facilities that allow lawful interception. Compare this with the
> > authentication service described in RFC4474 (SIP identity). Whoever
> > controls that service can mount a man in the middle attack that
> > cannot be detected by the means provided by DTLS-SRTP.
>
> Which is why DTLS-SRTP allows one to run the AS on the phone, and to
> verify the media-channel key fingerprint in voice or out-of-band. If
> you do this, you can (assuming your OS hasn't been hacked), detect
> MITM attacks to the extent currently provided for by our
> mathematics.
> That's a lot stronger than what you get by trusting the bored hourly
> worker down at the switching center.
>
Yes, I'm aware of that. If you do have a secure out-of-band channel, you are fine. And voice verification will also be a way for users (not for all, I'd assume).
> >>
> >>
> > Well, making DTLS-SRTP more adequate for 3GPP/TISPAN scenarios
> > (excluding lawful interception) without making it weaker would be a
> > good thing - better now?
>
> That sounds pretty reasonable :-).
>
> --
> Dean
>
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip