On Apr 14, 2008, at 2:29 PM, Eric Rescorla wrote:

> I certainly think this is potentially worth pursuing, but as far
> as I can tell, Dean was talking about calls transiting the PSTN,
> where none of this stuff applies.

I'm talking about calls coming from the PSTN and onto the Internet. For the part of the call that spans the Internet, we wish to have privacy and integrity protection on the media channel. For providing privacy and integrity protection on the media channel, we have DTLS-SRTP.

Privacy and integrity on the media channel are, it seems, dependent on at least integrity in the signaling channel. This is an advantage over SDES, which required both privacy and integrity in the signaling channel. RFC 4474 is used to provide integrity on the signaling channel.

We've agreed that calls coming from PSTN gateways cannot initially use RFC 4474 (requiring RFC 4916). Therefore, their signaling is not initially integrity protected end-to-end (although hop-by-hop mechanisms, such as TLS, might be applied). Consequently, they are subject to MITM attacks that do not affect non-gateway calls.

What we're arguing about is whether or not anything can be done about this.

-- Dean

_______________________________________________
Sip mailing list
https://www.ietf.org/mailman/listinfo/sip
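The dependency Dean describes (DTLS-SRTP media keys are bound to the certificate fingerprint carried in SDP, so the media channel is only as trustworthy as the signaling that carried that fingerprint) can be made concrete with a small callee-side check. The following is an added example, not code from this thread or from any IETF implementation. It assumes: constructed byte strings in place of real DER certificates (only their hash matters), an HMAC over the SDP body as a stand-in for the RSA signature and canonical string that RFC 4474 actually uses, and a documentation-range IP address in the offer.

```python
import hashlib
import hmac
import re
from typing import Optional

# Constructed stand-ins for DER-encoded DTLS certificates (real ones are ASN.1
# blobs; only the bytes being hashed matter for the fingerprint).
CALLER_CERT = b"constructed DER bytes: caller's self-signed DTLS certificate"
OTHER_CERT = b"constructed DER bytes: some other party's DTLS certificate"

# Constructed stand-in for the signing domain's key. RFC 4474 signs a canonical
# string with RSA; an HMAC is assumed here purely so the example runs offline.
GATEWAY_KEY = b"constructed identity-signing key for gateway.example"


def fingerprint(cert_der: bytes) -> str:
    """SDP a=fingerprint value for a certificate: 'sha-256' plus colon-separated hex."""
    hexd = hashlib.sha256(cert_der).hexdigest().upper()
    return "sha-256 " + ":".join(hexd[i:i + 2] for i in range(0, len(hexd), 2))


def build_offer(cert_der: bytes) -> str:
    """Minimal DTLS-SRTP SDP offer announcing the offerer's certificate fingerprint."""
    return "\r\n".join([
        "v=0",
        "o=- 1 1 IN IP4 192.0.2.10",          # 192.0.2.0/24 is documentation space
        "s=-",
        "m=audio 49170 UDP/TLS/RTP/SAVP 0",
        "a=setup:actpass",
        "a=fingerprint:" + fingerprint(cert_der),
    ]) + "\r\n"


def sign_offer(sdp: str, key: bytes) -> str:
    """Identity signature over the offer body (assumed stand-in for RFC 4474's
    Identity header, which in reality also covers From, To, Call-ID, CSeq, Date
    and Contact)."""
    return hmac.new(key, sdp.encode(), hashlib.sha256).hexdigest()


def verify_peer(sdp: str, identity_sig: Optional[str], verify_key: Optional[bytes],
                peer_cert_der: bytes) -> str:
    """Callee-side decision after the DTLS handshake completes. Returns one of:
    'ok'                    fingerprint matches and the signaling was authenticated
    'fingerprint-mismatch'  DTLS peer presented a certificate the SDP did not announce
    'identity-failed'       signaling carried a signature that does not verify
    'unauthenticated-match' fingerprint matches, but nothing vouches for the SDP itself
    """
    m = re.search(r"^a=fingerprint:sha-256 ([0-9A-F:]+)\r?$", sdp, re.M)
    expected = m.group(1) if m else ""
    presented = fingerprint(peer_cert_der).split(" ", 1)[1]
    if not hmac.compare_digest(expected, presented):
        return "fingerprint-mismatch"
    if identity_sig is None or verify_key is None:
        return "unauthenticated-match"
    if not hmac.compare_digest(identity_sig, sign_offer(sdp, verify_key)):
        return "identity-failed"
    return "ok"


def scenarios() -> dict:
    """Constructed call setups, seen from the callee."""
    honest = build_offer(CALLER_CERT)
    sig = sign_offer(honest, GATEWAY_KEY)
    # An intermediary that rewrites the offer must also replace the fingerprint
    # with one for a certificate it holds; the rewritten body no longer matches sig.
    rewritten = build_offer(OTHER_CERT)
    return {
        # RFC 4474-capable caller: fingerprint and signature both line up.
        "signed_untouched": verify_peer(honest, sig, GATEWAY_KEY, CALLER_CERT),
        # Signed signaling altered in transit: the identity check catches it.
        "signed_rewritten": verify_peer(rewritten, sig, GATEWAY_KEY, OTHER_CERT),
        # PSTN gateway without RFC 4474: the altered offer is internally consistent,
        # so the fingerprint check alone cannot distinguish it from a genuine call.
        "unsigned_rewritten": verify_peer(rewritten, None, None, OTHER_CERT),
        # Certificate presented in DTLS differs from the announced fingerprint.
        "cert_swap_only": verify_peer(honest, sig, GATEWAY_KEY, OTHER_CERT),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:20s} -> {result}")
```

The point of returning a distinct `unauthenticated-match` state rather than `ok` is that it is exactly the gateway case in the discussion: the DTLS-SRTP binding holds, but only to whatever fingerprint arrived, so a user agent can surface or log the missing identity assurance instead of presenting the call as verified.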
