[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] Another possible limitation of DERIVE

To: Hadriel Kaplan <HKaplan at acmepacket.com>
Subject: Re: [Sip] Another possible limitation of DERIVE
From: Dean Willis <dean.willis at softarmor.com>
Date: Fri, 21 Nov 2008 10:06:43 -0600
Cc: IETF SIP List <sip at ietf.org>, "Elwell, John" <john.elwell at siemens.com>
Delivered-to: ietfarch-sip-archive at core3.amsl.com
Delivered-to: sip at core3.amsl.com
In-reply-to: <E6C2E8958BA59A4FB960963D475F7AC31374153D4E at mail>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
References: <0D5F89FAC29E2C41B98A6A762007F5D001483038 at GBNTHT12009MSX.gb002.siemens.net> <49257408.5000301 at iptel.org> <0D5F89FAC29E2C41B98A6A762007F5D0014839F8 at GBNTHT12009MSX.gb002.siemens.net> <EB7233C9-E4EB-4B5E-8A56-A9366C1F9828 at softarmor.com> <E6C2E8958BA59A4FB960963D475F7AC31374153D4E at mail>
Sender: sip-bounces at ietf.org


On Nov 21, 2008, at 10:04 AM, Hadriel Kaplan wrote:

-----Original Message-----
From: sip-bounces at ietf.org [mailto:sip-bounces at ietf.org] On BehalfOf Dean
Willis
Sent: Friday, November 21, 2008 10:56 AM
I crate a CA cert claiming to be for "elwell.org" and use it tosign a
cert for "sip.elwell.org".
I then generate INVITE requests for everybody on the SIP mailinglist,
with RFC 4474 Identity headers signed by "sip.elwell.org" and send
them off UDP. Not from a real SIP UP, but from a simple harassment
program.

How do existing identity mechanisms protect against this?
The answer to that is simple: will you pay for the calls?

Pay? I have yet to pay (beyond the basic transport cost) for a SIPcall using a domain-style address.


--
Dean
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip

References:
- [Sip] Another possible limitation of DERIVE
  - From: Elwell, John
- Re: [Sip] Another possible limitation of DERIVE
  - From: Jiri Kuthan
- Re: [Sip] Another possible limitation of DERIVE
  - From: Elwell, John
- Re: [Sip] Another possible limitation of DERIVE
  - From: Dean Willis
- Re: [Sip] Another possible limitation of DERIVE
  - From: Hadriel Kaplan

Prev by Date: Re: [Sip] INFO Framework: Tags
Next by Date: Re: [Sip] INFO Framework: Tags
Previous by thread: Re: [Sip] Another possible limitation of DERIVE
Next by thread: Re: [Sip] Another possible limitation of DERIVE
Index(es):
- Date
- Thread