Re: [dispatch] draft-lawrence-sip-3rd-party-authorization-00
"Dutkiewicz, Marek" <Marek.Dutkiewicz@polycom.com> Thu, 21 May 2009 22:46 UTC
I will lend my voice to the need for a solution to the issue described in draft-lawrence-sip-3rd-party-authorization-00 posted by Scott Lawrence. You can add multi-cast paging to the list of scenarios that are ripe for hacker abuse due to the weak level of authentication/authorization that is in place. I'm dreading the day when a spam attack on an important enterprise casts a shadow over VoIP security similar to the situation encountered by a well-known VoIP operator several years ago.

The solutions I am aware of that are 'secure' rely on the call server (typically a B2BUA implementation) to enforce authentication/authorization rules. The UAs are configured to authenticate (using Digest Authentication) that SIP signaling is originating from the server. This provides a reasonable level of security.

However, increasingly I am seeing people wanting to disaggregate the control away from a central server model. This makes sense since this is one of the benefits presented by SIP. However, the security implications could be severe.

I'm not an expert in this area, so not well qualified to recommend a solution; however, one thought is to look at the AAA implementations that are used in the cellular world to see whether this offers any useful insight. Perhaps there could be a central authority that the various SIP elements can turn to whenever they might be concerned about the authenticity or authority of a particular message.

Regards
Marek
_________________________
Marek Dutkiewicz
Director, VoIP Product Management
Suite 200 3605 Gilmore Way, Burnaby, BC, V5G 4X5
Direct: 604.453.9455 Cell: 604-764-8651
www.polycom.com <http://www.polycom.com/>