> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Rescorla
> Sent: Tuesday, August 05, 2008 1:48 PM
> To: Dan Wing
> Cc: 'Cullen Jennings'; 'Uzelac,Adam'; 'SIP IETF'; 'Elwell, John'
> Subject: Re: [Sip] Thoughts on SIP Identity issues
>
> At Tue, 5 Aug 2008 10:26:26 -0700,
> Dan Wing wrote:
> >
> > > -----Original Message-----
> > > From: Eric Rescorla [mailto:[EMAIL PROTECTED]
> > > Sent: Tuesday, August 05, 2008 9:11 AM
> > > To: Dan Wing
> > > Cc: 'Eric Rescorla'; 'Elwell, John'; 'Hadriel Kaplan';
> > > 'Jonathan Rosenberg'; 'Cullen Jennings'; 'SIP IETF'; 'Uzelac, Adam'
> > > Subject: Re: [Sip] Thoughts on SIP Identity issues
> > >
> > > At Tue, 5 Aug 2008 08:54:16 -0700,
> > > Dan Wing wrote:
> > > > > I haven't spent a long time examining draft-kaplan-sip-baiting,
> > > > > but as I recall, it's not the fault of 4474 failing to sign
> > > > > something that it should have but rather that it's inherent in
> > > > > the message-oriented nature of SIP.
> > > >
> > > > That distinction is not relevant to the victim.
> > >
> > > No, the distinction is relevant to the people responsible for
> > > technically addressing the issue, namely us.
> >
> > My interpretation of what you are saying is "SIP is message-oriented,
> > so SIP is vulnerable to baiting as described in
> > draft-kaplan-sip-baiting, and we can't fix it".
> >
> > I don't know if that is what you intended to say; if not,
> > please clarify.
>
> What I'm saying is that a message-oriented system like SIP inherently
> has replay attacks. If you want to remove replay attacks, you'll
> need to do it at a separate layer.

And both draft-fischer-sip-e2e-sec-media and
draft-wing-sip-identity-media provide the security at a separate
layer: the media layer.

> > > I don't actually think this characterization of 4474 is that accurate.
> > > RFC 4474 does not use the IP address for authenticating the media.
> > > Rather, it authenticates the IP address as well as the rest of the
> > > SDP
> >
> > Which draft-kaplan-sip-baiting shows is insufficient at its intended
> > purpose.
>
> Well, I guess that's one interpretation, but it's not mine.

Yes, I understand it is not your view.

-d

> -Ekr
> _______________________________________________
> Sip mailing list https://www.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol
> Use [EMAIL PROTECTED] for questions on current sip
> Use [EMAIL PROTECTED] for new developments on the application of sip
