[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] Another possible limitation of DERIVE

To: "Hadriel Kaplan" <HKaplan at acmepacket.com>
Subject: Re: [Sip] Another possible limitation of DERIVE
From: "Victor Pascual Ávila" <victor.pascual.avila at gmail.com>
Date: Wed, 19 Nov 2008 22:58:45 +0100
Cc: IETF SIP List <sip at ietf.org>, "Elwell, John" <john.elwell at siemens.com>
Delivered-to: ietfarch-sip-archive at core3.amsl.com
Delivered-to: sip at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=6OrZMzchetGAuDuDE9CR1FvCqi+hbzMNVas6GvfCRbg=; b=cYsGjMYWrkHO7kbGxXSLvZHieVV/i61NBtLwEOJYSdRwsMETyGDHe/f501qw35pVj9 Mgbzl3gMkzk2trQty4eaB6SIhqd5K6bxFF9A4LlnI1ioPpmCNAOVLdxRt1HCHYz8FqyC Ly6lF/e33aMGwffqnHWJv+/Q4S7iG+HuNjlM8=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=E1A48ru+5XLqNUadSgcA1QhbJDvMrnyikRcBvylDXt8Nl1WF95qvVEXmhnke0ZJmiK S9csnO8jzNqFNCWV4ozBa7Uzt3uoULD00MB1r9aQnmwKuPW779ZyohLk/AJfLeO6emnS VJJmOXKdWrBjxWtpLs2kmviy50jM5pabn/AtM=
In-reply-to: <E6C2E8958BA59A4FB960963D475F7AC313720E5EAF at mail>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
References: <0D5F89FAC29E2C41B98A6A762007F5D001483038 at GBNTHT12009MSX.gb002.siemens.net> <E6C2E8958BA59A4FB960963D475F7AC313720E5EAF at mail>
Sender: sip-bounces at ietf.org

On Wed, Nov 19, 2008 at 9:39 PM, Hadriel Kaplan <HKaplan at acmepacket.com> wrote:
> BTW, I think it still is subject to the Baiting attack.  I make a Bank call me, and I then re-use its call-id+tag in an INVITE I send to you.  Since it's the same call-id and tag, Bank will say "yes I'm making that call".

In the current spec, all subscriptions should be authorized before
approval and a caller (Bank) should accept subscribe requests only
from URIs to which it has sent an INVITE-request (Hadriel).
-- 
Victor Pascual Ávila
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip

References:
- [Sip] Another possible limitation of DERIVE
  - From: Elwell, John
- Re: [Sip] Another possible limitation of DERIVE
  - From: Hadriel Kaplan

Prev by Date: Re: [Sip] Another possible limitation of DERIVE
Next by Date: Re: [Sip] Another possible limitation of DERIVE
Previous by thread: Re: [Sip] Another possible limitation of DERIVE
Next by thread: Re: [Sip] Another possible limitation of DERIVE
Index(es):
- Date
- Thread