
Re: [Sip] submission of a new I-D: "Dialog Event foRIdentityVErification"



Hi Dan,
Please see my comments inline.

On Wed, Oct 29, 2008 at 4:42 AM, Dan Wing <dwing at cisco.com> wrote:
>> 2008/10/28 Dan Wing <dwing at cisco.com>:
>> > Here is another return routability check,
>> > http://tools.ietf.org/html/draft-wing-sip-e164-rrc-01#section-3.1
>> > (My I-D expired due to lack of interest.)
>>
>> It uses RFC 4474, certificates... is it really feasible in
>> this real world?
>
> No, it doesn't use RFC4474.  The steps merely show where an RFC4474
> signature could be performed.  If no RFC4474 signatures are
> being created, or validated, those steps are the 'null operation'
> (not performed).  Without those steps, it is remarkably similar
> to DERIVE.
>
>> IMHO "Dialog Event foR Identity VErification" is the more feasible
>> solution at the moment.
>
> The differences are minor.

The Return Routability Check (RRC) determines if a domain rightfully
'owns' an E.164 phone number, but DOES NOT prevent an attacker from
presenting a forged "From" header field.

As an example:

INVITE sip:victor@tekelec.com SIP/2.0
From: +14085551234 <sip:+14085551234@iptel.org;user=phone>;tag=9fxced76sl
To: Victor <sip:victor@tekelec.com>
Call-ID: 3848276298220188511@iptel.org
Contact: <sip:attacker@pc1.attacker.com>
Content-Type: application/sdp
Content-Length: ...

[SDP not shown]

Where iptel.org owns the +14085551234 number.

Section 3.2:
-The SUBSCRIBE should be immediately acknowledged
-A NOTIFY should be immediately created and sent


Moreover IMO:
- it requires the use of signatures (or RFC4474): see Sections 3, 3.1 and 3.2
- it is defined to be used only with e164-based SIP URIs

In short, this is a good document but, as I mentioned before, it ONLY
determines if a domain rightfully 'owns' an E.164 phone number; it
doesn't ask "are you calling me?"

Thanks a lot for your comments,
-- 
Victor Pascual Ávila
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip
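
Added example (not part of the original message, and not code from either draft): a small Python model of the distinction argued above, run over the INVITE quoted in the message. The two lookup tables are assumed stand-ins for what iptel.org would answer over SIP; the function names are hypothetical.

```python
import re

# The INVITE from the message, with "@" restored in the URIs (the list
# archive shows it as " at "); SDP and Content-* headers omitted.
FORGED_INVITE = """\
INVITE sip:victor@tekelec.com SIP/2.0
From: +14085551234 <sip:+14085551234@iptel.org;user=phone>;tag=9fxced76sl
To: Victor <sip:victor@tekelec.com>
Call-ID: 3848276298220188511@iptel.org
Contact: <sip:attacker@pc1.attacker.com>
"""

def parse_invite(text):
    """Pull out the identity claimed in From and the dialog identifiers."""
    headers = {}
    for line in text.splitlines()[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    uri = re.search(r"<sip:([^@>]+)@([^;>]+)", headers.get("from", ""))
    tag = re.search(r">.*?;tag=([^;\s]+)", headers.get("from", ""))
    contact = re.search(r"<sip:(?:[^@>]+@)?([^;>]+)", headers.get("contact", ""))
    if not (uri and tag and contact and "call-id" in headers):
        raise ValueError("INVITE lacks From URI, From tag, Contact or Call-ID")
    return {"number": uri.group(1), "domain": uri.group(2),
            "from_tag": tag.group(1), "call_id": headers["call-id"],
            "contact_host": contact.group(1)}

# Assumption: these dict lookups stand in for queries to the From domain.
def owns_number(inv, owned):
    """Ownership-style check: does the From domain own the claimed number?"""
    return inv["number"] in owned.get(inv["domain"], set())

def is_calling_me(inv, dialogs):
    """Dialog-style check: does the From domain know this Call-ID/tag pair?"""
    return (inv["call_id"], inv["from_tag"]) in dialogs.get(inv["domain"], set())

def evaluate(text, owned, dialogs):
    """Return (ownership verdict, dialog verdict) for one INVITE."""
    inv = parse_invite(text)
    return owns_number(inv, owned), is_calling_me(inv, dialogs)

OWNED = {"iptel.org": {"+14085551234"}}   # constructed: iptel.org owns the number
NO_DIALOGS = {"iptel.org": set()}         # constructed: iptel.org placed no call

if __name__ == "__main__":
    print(evaluate(FORGED_INVITE, OWNED, NO_DIALOGS))
```

The forged INVITE passes the ownership-style check because iptel.org really does own the number, and fails only when the From domain is asked about this specific dialog.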