[OpenSIPS-Users] Multi-domain and reinvite authentications

Thomas Gelf thomas at gelf.net
Tue Oct 27 10:46:13 CET 2009


Iñaki Baz Castillo wrote:
> Yes. In case teh attacker intercepts the initial INVITE he would know a nonce 
> which could be valid within some minutes, so the attacker could do things 
> worse than just ending a dialog or spoofing a re-INVITE.

Exact!

> What we need is further TLS usage :)

ACK. And a better world.

Cheers,
Thomas

-- 
 mail: thomas at gelf.net
  web: http://thomas.gelf.net/




More information about the Users mailing list