At Thu, 06 Nov 2008 15:58:52 -0500, Suresh Krishnan wrote: > > Hi Eric, > > Eric Rescorla wrote: > > But then the attacker isn't *intercepting* their communications. > > Alice calls Bob and ends up talking to someone but she knows > > that she doesn't know who. The point is you can't use this to > > mount an MITM attack. > > Again. I agree with what you said. What I was commenting on is the > following text from the draft > > "Bob would know that an attack was happening. The fact that > one side can detect this attack means that in most cases where Alice > and Bob both wish the communications to be encrypted there is not a > problem." > > My question was, how would Bob detect this attack?
Because the previous few sentences explicitly state that this is an MITM: In some cases, answerers will not send an UPDATE and in many calls, some media will be sent before the UPDATE is received. In these cases, no integrity is provided for the fingerprint from Bob to Alice. In this approach, an attacker that was on the signaling path could tamper with the fingerprint and insert themselves as a man-in- the-middle on the media. Alice would know that she had a secure call with someone but would not know if it was with Bob or a man-in-the- middle. Bob would know that an attack was happening. So, Bob would detect this attack by seeing that the attacker's credentials didn't match Alice's asserted identity. Or, he would think (correctly) that he was talking to the attacker, in which case this isn't an attack! -Ekr _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
