Dan Wing wrote:
Yes, it also modifies parts of the request which are not signed by the authentication/signature algorithm. I should mention this draft in a later version. Thanks for publishing that attack. It has similarities with the attack described by Hadriel in http://tools.ietf.org/html/draft-kaplan-sip-baiting-attack.
However, the goal is not the same. Hadriel's draft is focused on impersonation, whereas the other draft is focused on breaking the authentication done at the proxy. The second difference is that it works right now with any publicly reachable SIP provider.
Raphael.