Hi Eric,
Eric Rescorla wrote:
I still don't see how Bob detects the attack. Consider the following
message flow.
1) Alice->Bob : INVITE (Fingerprint(Alice)) (No Tampering)
2) Alice->Bob : Certificate(Alice) (No Tampering)
3) Bob->Eve : Certificate(Bob)
4) Eve->Alice : Certificate(Eve)
5) Bob->Eve : 200 OK (Fingerprint(Bob))
6) Eve->Alice : 200 OK (Fingerprint(Eve))
7) Alice->Eve : Media encrypted with Eve's public key
8) Eve->Bob : Media (potentially different from step 7) encrypted with
Bob's public key
After this exchange Eve can intercept and modify media flowing from
Alice to Bob without Bob detecting the attack.
Well, I think there is some question about whether this is an attack.
Everyone's beliefs about the system are correct:
1. Alice thinks she's talking to Eve. She is.
Yes.
2. Bob thinks he's talking to Eve. She is.
Not really. Bob thinks he is talking to Alice. The identity, fingerprint
and certificate of his peer in the signaling exchange belong to Alice.
He is encrypting all the outgoing media for Alice.
Thanks
Suresh
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
