On Sep 25, 2008, at 2:51 PM, Schneider, Peter (NSN - DE/Munich) wrote:

Allowing lawful interception does not imply allowing anyone to intercept the communication. You must have access control for the facilities that allow lawful interception. Compare this with the authentication service described in RFC 4474 (SIP Identity). Whoever controls that service can mount a man-in-the-middle attack that cannot be detected by the means provided by DTLS-SRTP.

Which is why DTLS-SRTP allows one to run the AS on the phone, and to verify the media-channel key fingerprint in voice or out-of-band. If you do this, you can (assuming your OS hasn't been hacked) detect MITM attacks to the extent currently provided for by our mathematics. That's a lot stronger than what you get by trusting the bored hourly worker down at the switching center.

Well, making DTLS-SRTP more adequate for 3GPP/TISPAN scenarios (excluding lawful interception) without making it weaker would be a good thing - better now?

That sounds pretty reasonable :-).

--
Dean
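The check Dean is describing, as an added illustration that is not code from the thread: the DTLS handshake certificate is compared against the a=fingerprint attribute carried in the (RFC 4474-signed) SDP, and, for the case where the signing service itself is not trusted, both parties read a short digest of the fingerprint aloud. The certificate bytes are constructed stand-ins, not real certificates.

```python
import hashlib
import hmac
import re

# Constructed stand-ins for DER-encoded DTLS certificates (not real certs).
PEER_CERT_DER = b"\x30\x82\x01\x00" + bytes(range(256))
OTHER_CERT_DER = b"\x30\x82\x01\x00" + bytes(reversed(range(256)))

# a=fingerprint:<hash-func> <hex bytes separated by colons>   (RFC 4572 syntax)
FINGERPRINT_RE = re.compile(
    r"^a=fingerprint:(?P<alg>[A-Za-z0-9-]+)\s+(?P<hex>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})*)\s*$"
)
HASH_FUNCS = {"sha-1": hashlib.sha1, "sha-256": hashlib.sha256, "sha-512": hashlib.sha512}


def cert_fingerprint(cert_der: bytes, alg: str) -> bytes:
    """Digest of the DER certificate with the hash named in the SDP attribute."""
    return HASH_FUNCS[alg](cert_der).digest()


def build_sdp(cert_der: bytes, alg: str = "sha-256") -> str:
    """Minimal SDP offer advertising the fingerprint of our own DTLS certificate."""
    fp = cert_fingerprint(cert_der, alg).hex().upper()
    colon = ":".join(fp[i:i + 2] for i in range(0, len(fp), 2))
    return f"v=0\r\nm=audio 49170 UDP/TLS/RTP/SAVP 0\r\na=fingerprint:{alg} {colon}\r\n"


def parse_fingerprint(sdp: str):
    """Return (hash_name, digest_bytes) from the a=fingerprint line of an SDP body."""
    for line in sdp.splitlines():
        m = FINGERPRINT_RE.match(line.strip())
        if m:
            return m.group("alg").lower(), bytes.fromhex(m.group("hex").replace(":", ""))
    raise ValueError("no a=fingerprint attribute in SDP")


def dtls_cert_matches_sdp(cert_der: bytes, sdp: str) -> bool:
    """Does the certificate seen in the DTLS handshake match what the signalling promised?
    A relay that swaps the DTLS certificate but cannot alter the signed SDP fails here."""
    alg, expected = parse_fingerprint(sdp)
    if alg not in HASH_FUNCS:
        return False  # unknown hash function: treat as a failed check
    return hmac.compare_digest(cert_fingerprint(cert_der, alg), expected)


def voice_checkword(cert_der: bytes, alg: str = "sha-256", n_groups: int = 4) -> str:
    """Leading hex groups of the fingerprint for the two parties to read aloud.
    This is the out-of-band step that still works when the signing service is untrusted."""
    digest = cert_fingerprint(cert_der, alg).hex().upper()
    return " ".join(digest[i:i + 4] for i in range(0, 4 * n_groups, 4))
```

If a man in the middle also controls the identity service, the SDP it forwards will match its own certificate and dtls_cert_matches_sdp passes; only comparing voice_checkword values over the call exposes the substitution.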
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip