Couret Tabt
2010-01-17 09:23:37 UTC
Dear folks,
I have a question about SIP Authentication Mechanism below:
In inter-domain (e.g.proxy-proxy) we can use RFC4474(SIP Identity)
for user authentication, but, inside domain, how can a receiver
or a proxy in receiver side authenticate each other?
This means the followings:
CASE 1) Spoofing of Receiver:
After a Receiver's UA registered, without re-register
other user use the address that the former user registered.
(Then the former user is NOT unregistered by the proxy.)
Invite: Alice(in Atlanta) to Bob(in Biloxi)
Alice --->Atlanta--(RFC4474 Authentication)------>Biloxi---->Bob
*But actually,
this is spoofing user
(NOT Bob)
CASE 2)Spoofing of Proxy:
In attacks like Man-in-the-Middle, barge-in user spoof Receiver side Proxy.
Alice --->Atlanta--(RFC4474 Authentication)------>Biloxi---->Bob
*But actually,
this is spoofing proxy
(NOT Biloxi)
If you know it(how to authenticate), please let me know.
*I have studied about SIP more.
Is it appreciate that in this mailing list I have any above discussions?
Please let me know, too.
Thanks,
Tabt
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-***@cs.columbia.edu for questions on current sip
Use ***@ietf.org for new developments on the application of sip
I have a question about SIP Authentication Mechanism below:
In inter-domain (e.g.proxy-proxy) we can use RFC4474(SIP Identity)
for user authentication, but, inside domain, how can a receiver
or a proxy in receiver side authenticate each other?
This means the followings:
CASE 1) Spoofing of Receiver:
After a Receiver's UA registered, without re-register
other user use the address that the former user registered.
(Then the former user is NOT unregistered by the proxy.)
Invite: Alice(in Atlanta) to Bob(in Biloxi)
Alice --->Atlanta--(RFC4474 Authentication)------>Biloxi---->Bob
*But actually,
this is spoofing user
(NOT Bob)
CASE 2)Spoofing of Proxy:
In attacks like Man-in-the-Middle, barge-in user spoof Receiver side Proxy.
Alice --->Atlanta--(RFC4474 Authentication)------>Biloxi---->Bob
*But actually,
this is spoofing proxy
(NOT Biloxi)
If you know it(how to authenticate), please let me know.
*I have studied about SIP more.
Is it appreciate that in this mailing list I have any above discussions?
Please let me know, too.
Thanks,
Tabt
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-***@cs.columbia.edu for questions on current sip
Use ***@ietf.org for new developments on the application of sip