[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] draft-state-sip-relay-attack-00

To: Hadriel Kaplan <HKaplan at acmepacket.com>
Subject: Re: [Sip] draft-state-sip-relay-attack-00
From: Theo Zourzouvillys <theo at crazygreek.co.uk>
Date: Sat, 7 Mar 2009 23:23:25 +0000
Cc: "sip at ietf.org" <sip at ietf.org>, Dan Wing <dwing at cisco.com>
Delivered-to: sip at core3.amsl.com
In-reply-to: <E6C2E8958BA59A4FB960963D475F7AC314C4DE62C1 at mail>
List-archive: <http://www.ietf.org/mail-archive/web/sip>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
References: <49AE593F.6080807 at iptel.org> <0a8001c99d0f$0b21e210$c2f0200a at cisco.com> <49AF9FC8.2020200 at iptel.org> <E6C2E8958BA59A4FB960963D475F7AC314C46BD96D at mail> <20090307195045.GC4364 at x61s.janakj.ryngle.net> <E6C2E8958BA59A4FB960963D475F7AC314C4DE62A5 at mail> <167dfb9b0903071326u7a44d55fub7ebdb426460ce61 at mail.gmail.com> <E6C2E8958BA59A4FB960963D475F7AC314C4DE62C1 at mail>

On Sat, Mar 7, 2009 at 10:39 PM, Hadriel Kaplan <HKaplan at acmepacket.com> wrote:

> And email has been getting less spam and phishing and viruses ever since.

SIP also has one major advantage than email does: we've not *yet* got
the same penetration that SMTP did when it started really suffering.
Although I do see exactly the same apathy to the problem in voice
service providers and network operators now that I did in ISPs 10
years ago: "not a problem yet, can't afford to spend time on that".

> If the open SIP providers don't employ some counter-measures for spoofing, user authentication, and service control, then they will when the issues crop up.

It's difficult to do *that* much: a lot of the counter-measures need
support from the endpoint vendors for various features.  A look at the
quality (or even existence) of mutual TLS and related things in almost
all UAs speaks loads on their interest in such matters!

> But anyway, that's why I want a SIP Identity mechanism that actually works, fwiw.

i'll give 10 pounds (of the Great British variety) and a bottle of
sheppy's finest Somerset cider to whoever comes up with such a thing.

 ~ Theo

References:
- [Sip] draft-state-sip-relay-attack-00
  - From: Raphael Coeffic
- Re: [Sip] draft-state-sip-relay-attack-00
  - From: Dan Wing
- Re: [Sip] draft-state-sip-relay-attack-00
  - From: Raphael Coeffic
- Re: [Sip] draft-state-sip-relay-attack-00
  - From: Hadriel Kaplan
- Re: [Sip] draft-state-sip-relay-attack-00
  - From: Jan Janak
- Re: [Sip] draft-state-sip-relay-attack-00
  - From: Hadriel Kaplan
- Re: [Sip] draft-state-sip-relay-attack-00
  - From: Theo Zourzouvillys
- Re: [Sip] draft-state-sip-relay-attack-00
  - From: Hadriel Kaplan

Prev by Date: Re: [Sip] draft-state-sip-relay-attack-00
Next by Date: Re: [Sip] draft-ietf-sip-info-events-03: comments and questions
Previous by thread: Re: [Sip] draft-state-sip-relay-attack-00
Next by thread: Re: [Sip] draft-state-sip-relay-attack-00
Index(es):
- Date
- Thread