Timo Teräs writes: > However, I think the delta encoding used for the RR attribute > is flawed. Hostile remote server could rewrite the RR attribute > and/or From/To headers in a way to forge it to something it was not > in the first place. Additionally the delta-encoded RR attribute > breaks if the From/To header isn't exact copy of what we sent. > > Would it not make more sense to just send the real original > header (possibly encrypted) but with a checksum? We could then > verify if someone had clobbered the RR attribute and ignore it. > And we could always restore the original URI even if the URI > we are swapping was modified unexpectedly.
timo, if i understood your concern correctly, brought this security problem up two years ago, but didn't get much understanding: http://lists.sip-router.org/pipermail/sr-users/2009-April/022655.html -- juha _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list [email protected] http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
