Ok, you guys finally succeeded in convincing me: Interception is bad for people!
See also one inline remark below.

Peter

> -----Original Message-----
> From: ext Dean Willis [mailto:[EMAIL PROTECTED]
> Sent: Friday, 26 September 2008 07:33
> To: Schneider, Peter (NSN - DE/Munich)
> Cc: [email protected]
> Subject: Re: AW: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
>
> On Sep 25, 2008, at 2:51 PM, Schneider, Peter (NSN - DE/Munich) wrote:
>
> > Allowing lawful interception does not imply allowing anyone to
> > intercept the communication. You must have access control for the
> > facilities that allow lawful interception. Compare this with the
> > authentication service described in RFC4474 (SIP identity). Whoever
> > controls that service can mount a man in the middle attack that
> > cannot be detected by the means provided by DTLS-SRTP.
>
> Which is why DTLS-SRTP allows one to run the AS on the phone, and to
> verify the media-channel key fingerprint in voice or out-of-band. If
> you do this, you can (assuming your OS hasn't been hacked), detect
> MITM attacks to the extent currently provided for by our mathematics.
> That's a lot stronger than what you get by trusting the bored hourly
> worker down at the switching center.

Yes, I'm aware of that. If you do have a secure out-of-band channel, you are fine. And voice verification will also be a way for users (not for all, I'd assume).

> > Well, making DTLS-SRTP more adequate for 3GPP/TISPAN scenarios
> > (excluding lawful interception) without making it weaker would be a
> > good thing - better now?
>
> That sounds pretty reasonable :-).
>
> --
> Dean

_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
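Added example, not part of the original mail thread or of the draft: a Python sketch of the two checks discussed above, the in-band comparison of the DTLS handshake certificate against the `a=fingerprint` value carried in signalling, and the comparison against a fingerprint obtained by voice or out-of-band. The certificate bytes, the SDP body and all function names are constructed for illustration.

```python
import hashlib
import hmac

# a=fingerprint hash tokens (RFC 4572) mapped to hashlib names.
HASHES = {"sha-1": "sha1", "sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512"}

# Constructed byte strings standing in for DER-encoded certificates.
ALICE_CERT = b"constructed-der-certificate-alice"
MIDDLE_CERT = b"constructed-der-certificate-intermediary"

def format_fingerprint(cert_der, hash_func="sha-256"):
    """Render a certificate hash as it appears in SDP or is read aloud."""
    digest = hashlib.new(HASHES[hash_func], cert_der).hexdigest().upper()
    return hash_func + " " + ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def build_sdp(cert_der):
    """Constructed minimal SDP body carrying the sender's fingerprint."""
    return ("v=0\r\nm=audio 49170 UDP/TLS/RTP/SAVP 0\r\na=fingerprint:"
            + format_fingerprint(cert_der) + "\r\n")

def parse_fingerprint(text):
    """Split 'hash-token AA:BB:...' into (token, digest bytes)."""
    token, _, value = text.strip().partition(" ")
    token = token.lower()
    if token not in HASHES:
        raise ValueError("unsupported fingerprint hash: " + token)
    return token, bytes.fromhex(value.replace(":", ""))

def signalled_check(sdp, handshake_cert_der):
    """In-band check: handshake certificate vs. fingerprint in signalling."""
    for line in sdp.splitlines():
        if line.startswith("a=fingerprint:"):
            token, expected = parse_fingerprint(line[len("a=fingerprint:"):])
            actual = hashlib.new(HASHES[token], handshake_cert_der).digest()
            return hmac.compare_digest(expected, actual)
    raise ValueError("SDP has no a=fingerprint attribute")

def out_of_band_check(trusted_fingerprint, handshake_cert_der):
    """Check against a fingerprint learned by voice or another trusted channel."""
    token, expected = parse_fingerprint(trusted_fingerprint)
    actual = hashlib.new(HASHES[token], handshake_cert_der).digest()
    return hmac.compare_digest(expected, actual)

if __name__ == "__main__":
    rewritten = build_sdp(MIDDLE_CERT)  # signalling altered by whoever controls it
    print("in-band check passes:", signalled_check(rewritten, MIDDLE_CERT))
    print("out-of-band check passes:",
          out_of_band_check(format_fingerprint(ALICE_CERT), MIDDLE_CERT))
```

When the signalling itself has been rewritten, the in-band check still passes; only the comparison against the independently obtained fingerprint fails.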
