Re: [Sip] draft-state-sip-relay-attack-00
> -----Original Message-----
> From: Theo Zourzouvillys [mailto:theo at crazygreek.co.uk]
> Sent: Saturday, March 07, 2009 4:26 PM
>
> hmm, the above paragraph could almost have been talking about
> AOL/compuserv vs a "real" ISP 15 years ago :-)
Indeed. :)
And email has been getting less spam and phishing and viruses ever since. And email has an even stronger architecture for security than SIP in some ways, ironically. And less impact on the user-experience when it fails. In many ways SIP's user-experience model is closer to IM than email, but with some worse security properties. (and it's debatable if one would call IM "open", or end-to-end)
But even in that context of closed vs. open, you find web hosts having to employ stronger and stronger means of user authentication, such as captchas, and connection-layer security, such as TLS. If the open SIP providers don't employ some counter-measures for spoofing, user authentication, and service control, then they will when the issues crop up. (if they have enough users to make attacking them interesting, which is the big "if")
But anyway, that's why I want a SIP Identity mechanism that actually works, fwiw.
-hadriel