[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] submission of a new I-D: "Dialog Event foR IdentityVErification"

To: sip at ietf.org
Subject: Re: [Sip] submission of a new I-D: "Dialog Event foR IdentityVErification"
From: Iñaki Baz Castillo <ibc at aliax.net>
Date: Sat, 1 Nov 2008 13:57:55 +0100
Delivered-to: ietfarch-sip-web-archive at core3.amsl.com
Delivered-to: sip at core3.amsl.com
In-reply-to: <701FB600-CBE9-4A66-BA0C-52F3B86F0A5B at softarmor.com>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
References: <618e24240810250809j664bf47ay2745cc9fbf7b0565 at mail.gmail.com> <cc1f582e0810310603w21a4cc7fga1d978c0fb4f5bd7 at mail.gmail.com> <701FB600-CBE9-4A66-BA0C-52F3B86F0A5B at softarmor.com>
Sender: sip-bounces at ietf.org
User-agent: KMail/1.9.9

El Viernes, 31 de Octubre de 2008, Dean Willis escribió:

> Now, from a security perspective: Who's done the analysis on whether
> DERIVE introduces new attack opportunities?
>
> For example, is there a DOS opportunity in using the home proxy as a
> message-exploder for source-forged SUBSCRIBE requests? Seems like thre
> might be a problem there . . .

Do you mean something as:

  attacker              alice                 bob (victim)
  INVITE (From: bob) ----->
                        SUBSCRIBE ------------->
  INVITE (From: bob) ----->
                        SUBSCRIBE ------------->
  INVITE (From: bob) ----->
                        SUBSCRIBE ------------->
  INVITE (From: bob) ----->
                        SUBSCRIBE ------------->

?


-- 
Iñaki Baz Castillo
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip

Follow-Ups:
- Re: [Sip] submission of a new I-D: "Dialog Event foR IdentityVErification"
  - From: Dean Willis

References:
- [Sip] submission of a new I-D: "Dialog Event foR Identity VErification"
  - From: Victor Pascual Ávila
- Re: [Sip] submission of a new I-D: "Dialog Event foR IdentityVErification"
  - From: Iñaki Baz Castillo
- Re: [Sip] submission of a new I-D: "Dialog Event foR IdentityVErification"
  - From: Dean Willis

Prev by Date: Re: [Sip] submission of a new I-D: "Dialog Event foR IdentityVErification"
Next by Date: Re: [Sip] Comment on DERIVE and B2BUAs
Previous by thread: Re: [Sip] submission of a new I-D: "Dialog Event foR IdentityVErification"
Next by thread: Re: [Sip] submission of a new I-D: "Dialog Event foR IdentityVErification"
Index(es):
- Date
- Thread