... > Sure, but again, that requires examining every single piece > of the message > which you wish to exampt from the signature and determine whether > there is some important attack that can be mounted by modifying > that section. As I noted above, those questions are not necessarily > immediately apparent.
Implicit in that argument is that 4474 got it right. We know it already isn't done correctly with RFC4474 for unidirectional media (draft-kaplan-sip-baiting-attack). To get bi-directional media, an attacker would need to share a NAT or a TURN server with the identity they want to spoof (e.g., a bank, a pizza restaurant, a political organization), and the attacker would need to obtain the same UDP port from the NAT or TURN server within RFC4474's replay window (which is recommended to be 10 minutes). -d _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
