[VOIPSEC] [Fwd: draft-state-sip-relay-attack-00]
Zmolek, Andrew (Andy)
zmolek at avaya.com
Fri Mar 6 13:25:10 CST 2009
TLS isn't the problem, per se. (although it's true enough that not many stack vendors support it well and scalability can be an issue which is why the carriers aren't as anxious to implement it). It's the certificate management around it that's the challenge and finding a forum for all the right parties to agree on a set of certificate management best practices for SIP TLS interoperability is something in which perhaps VOIPSA can play a future role going forward.
/\\//\Y/\ Andy Zmolek | zmolek at avaya.com | 303-538-6040
GCS Security Technology Development | Avaya, Inc.
-----Original Message-----
From: voipsec-bounces at voipsa.org [mailto:voipsec-bounces at voipsa.org] On Behalf Of Iñaki Baz Castillo
Sent: Wednesday, March 04, 2009 12:13 PM
To: voipsec at voipsa.org
Subject: Re: [VOIPSEC] [Fwd: draft-state-sip-relay-attack-00]
El Miércoles, 4 de Marzo de 2009, Ali Fessi escribió:
> One possible way to alleviate the problem could be that UAs must
> verify the identity of the other party, e.g. with a TLS tunnel and a
> certificate, before replying to a challenge (this would prevent Alice
> UA to reply to the challenge coming from Bob in message F8).
I don't think TLS is a feasible solution for SIP *today*. Not widely implemented and not well implemented.
--
Iñaki Baz Castillo
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
More information about the Voipsec
mailing list