Hi Eric,

Eric Rescorla wrote:

In some cases, answerers will not send an UPDATE and in many calls,
some media will be sent before the UPDATE is received. In these
cases, no integrity is provided for the fingerprint from Bob to
Alice. In this approach, an attacker that was on the signaling path
could tamper with the fingerprint and insert themselves as a
man-in-the-middle on the media. Alice would know that she had a secure
call with someone but would not know if it was with Bob or a
man-in-the-middle. Bob would know that an attack was happening.

So, Bob would detect this attack by seeing that the attacker's
credentials didn't match Alice's asserted identity. Or, he
would think (correctly) that he was talking to the attacker,
in which case this isn't an attack!

I still don't see how Bob detects the attack. Consider the following
message flow.

1) Alice->Bob : INVITE (Fingerprint(Alice)) (No Tampering)
2) Alice->Bob : Certificate(Alice) (No Tampering)
3) Bob->Eve : Certificate(Bob)
4) Eve->Alice : Certificate(Eve)
5) Bob->Eve : 200 OK (Fingerprint(Bob))
6) Eve->Alice : 200 OK (Fingerprint(Eve))
7) Alice->Eve : Media encrypted with Eve's public key
8) Eve->Bob : Media (potentially different from step 7) encrypted with Bob's public key

After this exchange Eve can intercept and modify media flowing from
Alice to Bob without Bob detecting the attack.

Thanks
Suresh
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
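
The numbered flow in the message above, replayed as a small model of what each endpoint's fingerprint comparison can conclude. This is an added example, not code from the thread or from any SIP or DTLS implementation. It takes steps 1 to 8 as written (including that Bob receives Alice's fingerprint and certificate untampered), and the names `IDENTITY_KEY`, `assert_identity`, `endpoint_check` and `run_flow`, the HMAC standing in for integrity protection of a fingerprint, and the certificate bytes are all constructed assumptions.

```python
import hashlib
import hmac

IDENTITY_KEY = b"constructed-identity-service-key"  # assumption: a signing key Eve lacks

def fingerprint(cert: bytes) -> str:
    """SHA-256 digest of a certificate, as carried in the signalling."""
    return hashlib.sha256(cert).hexdigest()

def assert_identity(identity: str, fp: str) -> str:
    """Hypothetical integrity protection binding an identity to a fingerprint."""
    return hmac.new(IDENTITY_KEY, f"{identity}|{fp}".encode(), hashlib.sha256).hexdigest()

def endpoint_check(expected_peer, signalled_fp, presented_cert, assertion=None):
    """Return what an endpoint can conclude about the peer on the media path."""
    if fingerprint(presented_cert) != signalled_fp:
        return "mismatch: certificate does not match signalled fingerprint"
    if assertion is None:
        return "secure call, peer identity unverified"
    if not hmac.compare_digest(assertion, assert_identity(expected_peer, signalled_fp)):
        return "mismatch: fingerprint not covered by identity assertion"
    return "secure call with " + expected_peer

def run_flow(answer_protected: bool, eve_rewrites_fp: bool = True):
    """Replay steps 1-8; Eve sits on the signalling and media path toward Alice."""
    cert = {n: f"constructed-cert-{n}".encode() for n in ("alice", "bob", "eve")}
    # Steps 1-2: the offer fingerprint and Alice's certificate reach Bob untampered.
    offer_fp = fingerprint(cert["alice"])
    bob_view = endpoint_check("alice", offer_fp, cert["alice"],
                              assert_identity("alice", offer_fp))
    # Step 5: Bob answers with his fingerprint, integrity-protected only if requested.
    answer_fp = fingerprint(cert["bob"])
    answer_assertion = assert_identity("bob", answer_fp) if answer_protected else None
    # Step 6: Eve substitutes her own fingerprint; she cannot recompute the assertion.
    if eve_rewrites_fp:
        answer_fp = fingerprint(cert["eve"])
    # Step 4: Alice is presented with Eve's certificate on the media path.
    alice_view = endpoint_check("bob", answer_fp, cert["eve"], answer_assertion)
    return {"alice": alice_view, "bob": bob_view}

if __name__ == "__main__":
    for protected in (False, True):
        print("answer fingerprint protected:", protected, run_flow(protected))
```

With an unprotected answer, Alice's comparison succeeds against Eve's certificate and Bob's view is unchanged; once the answer fingerprint is integrity-protected, Alice's check fails whether the fingerprint is rewritten or left intact.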