At Fri, 07 Nov 2008 10:40:34 -0500,
Suresh Krishnan wrote:
> 
> Hi Eric,
> 
> Eric Rescorla wrote:
> >    In some cases, answerers will not send an UPDATE and in many calls,
> >    some media will be sent before the UPDATE is received.  In these
> >    cases, no integrity is provided for the fingerprint from Bob to
> >    Alice.  In this approach, an attacker that was on the signaling path
> >    could tamper with the fingerprint and insert themselves as a man-in-
> >    the-middle on the media.  Alice would know that she had a secure call
> >    with someone but would not know if it was with Bob or a man-in-the-
> >    middle.  Bob would know that an attack was happening. 
> > 
> > So, Bob would detect this attack by seeing that the attacker's
> > credentials didn't match Alice's asserted identity. Or, he
> > would think (correctly) that he was talking to the attacker,
> > in which case this isn't an attack!
> 
> I still don't see how Bob detects the attack. Consider the following 
> message flow.
> 
> 1) Alice->Bob : INVITE (Fingerprint(Alice)) (No Tampering)
> 2) Alice->Bob : Certificate(Alice) (No Tampering)
> 3) Bob->Eve   : Certificate(Bob)
> 4) Eve->Alice : Certificate(Eve)
> 5) Bob->Eve   : 200 OK (Fingerprint(Bob))
> 6) Eve->Alice : 200 OK (Fingerprint(Eve))
> 7) Alice->Eve : Media encrypted with Eve's public key
> 8) Eve->Bob   : Media (potentially different from step 7) encrypted with
>    Bob's public key
> 
> After this exchange Eve can intercept and modify media flowing from 
> Alice to Bob without Bob detecting the attack.

Well, I think there is some question about whether this is an attack.

Everyone's beliefs about the system are correct:

1. Alice thinks she's talking to Eve. She is.
2. Bob thinks he's talking to Eve. He is.

Note that in this particular case, Alice would presumably hang up the
phone as soon as she realized that Eve gave her a certificate that 
wasn't what she expected. The case in which Alice doesn't detect it
is where Eve doesn't provide a cert and so Alice thinks she's talking
to an unknown person.

-Ekr
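To make concrete which endpoint can notice the substitution in the flow above, here is an added simulation (not code from the draft or from either poster) of the fingerprint check each endpoint performs at its DTLS handshake; the certificate byte strings, the `no_update` flag and the function names are constructed assumptions.

```python
import hashlib

# Constructed stand-ins for the certificates each party presents on the
# media path (real ones would be X.509 DER); names are assumptions.
CERT_ALICE = b"constructed-cert-alice"
CERT_BOB = b"constructed-cert-bob"
CERT_EVE = b"constructed-cert-eve"


def fingerprint(cert: bytes) -> str:
    """SDP a=fingerprint style value: hash name plus colon-separated hex."""
    digest = hashlib.sha256(cert).hexdigest().upper()
    return "sha-256 " + ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def media_peer_ok(expected_fp: str, presented_cert: bytes) -> bool:
    """Endpoint check at the DTLS handshake: the certificate shown on the
    media path must match the fingerprint learned from signaling."""
    return fingerprint(presented_cert) == expected_fp


def run_flow(no_update: bool) -> dict:
    """Simulate the thread's flow. The INVITE (offer) is integrity-protected,
    so Alice's fingerprint reaches Bob intact. With no UPDATE, the answer's
    fingerprint has no integrity, so a signaling-path attacker (Eve) can
    replace Bob's fingerprint with her own before it reaches Alice."""
    offer_fp = fingerprint(CERT_ALICE)            # step 1, not tampered
    answer_fp = fingerprint(CERT_BOB)             # step 5, as Bob sent it
    if no_update:
        answer_fp = fingerprint(CERT_EVE)         # step 6, Eve's substitution
    # Eve terminates both media legs with her own certificate.
    alice_sees = CERT_EVE if no_update else CERT_BOB
    bob_sees = CERT_EVE if no_update else CERT_ALICE
    return {
        # Alice compares the (tampered) answer with what Eve shows: consistent.
        "alice_accepts": media_peer_ok(answer_fp, alice_sees),
        # Bob compares Alice's intact fingerprint with Eve's cert: mismatch.
        "bob_accepts": media_peer_ok(offer_fp, bob_sees),
    }


if __name__ == "__main__":
    print(run_flow(no_update=True))   # {'alice_accepts': True, 'bob_accepts': False}
    print(run_flow(no_update=False))  # {'alice_accepts': True, 'bob_accepts': True}
```

Alice's check passes because the fingerprint she compares against was itself substituted; only Bob, holding a fingerprint that was integrity-protected, sees a mismatch.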

_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol