On Aug 14, 2007, at 12:02 AM, Cullen Jennings wrote:
> I will note that we do have a security mechanism to provide
> confidentiality over the bodies (but not headers) for attacks from
> proxies we do not have a trust relationship with - and this is one
> of the aspects used in determining if certain semantics might be
> better in a body or header.
>
> Cullen <with my individual hat on>
>
> PS - I fail to see how sipsec will help with the basic problem of
> if Alice sends a call to a proxy and the proxy routes the call to
> some evil user instead of sending it to Bob.

Since the TLS connection of sipsec is established UA to UA, the
evildoer in your example would have to have Bob's cert (aka "private
key"). If the evildoer does not have Bob's cert, Alice will be able
to tell that the evildoer is not Bob.
Of course, this requires a workable public key infrastructure. But
then we think we're getting one of those from draft-ietf-sip-certs,
so maybe this is doable after all.
--
Dean
_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip