[SIP SIMPLE client] sylk is not relaying chat messages
Saúl Ibarra Corretgé
saul at ag-projects.com
Mon May 2 10:09:07 CEST 2011
On 04/30/2011 01:23 PM, Juha Heinanen wrote:
> Adrian Georgescu writes:
>
>> It matters if privacy is concerned as relaxing the checks one user
>> could easily impersonate another and copy its private messages.
>
> adrian,
>
> what do you mean by relaxing the checks? how sylk now matches msrp SEND
> to a conference?
>
> if check is based on To-Path and From-Path, then impersonation is not
> that easy especially when SEND is sent over tls.
>
> i don't see how adding From and To headers to SEND improves security.
>
When using MSRP for conferencing, each message needs to have a CPIM
envelope, so that all participants can know who sent the message originally.

The problem is that the room is created using the RURI of the SIP
message, *but* the To header of the MSRP message contains the unchanged
original RURI. When a conference server receives an MSRP message with a
URI that doesn't match itself (the server) it considers it a private
message (http://tools.ietf.org/html/draft-ietf-simple-chat-08).

We can change this so that we also check if the original RURI of the
session matches the room URI.
--
Saúl Ibarra Corretgé
AG Projects
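
Added example, not part of the original message and not sylk's own code: the To-header check described above, shown with and without the proposed extra match against the session's original RURI. The function names, ROOM_URI, DIALED_URI and the sample payload are constructed for illustration, and the code assumes the server records, per session, the URI the client originally dialed.

```python
import re

# Constructed values: the room URI the server created from the (rewritten) RURI,
# and the URI the client originally dialed and keeps using in the CPIM To header.
ROOM_URI = "sip:room42@conference.example.com"
DIALED_URI = "sip:chat@example.com"

# Constructed CPIM-wrapped payload, as carried in the body of an MSRP SEND.
SAMPLE_CPIM = (
    "From: Alice <sip:alice@example.com>\r\n"
    "To: <sip:chat@example.com>\r\n"
    "DateTime: 2011-05-02T10:09:07+02:00\r\n"
    "\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
    "hello everyone"
)

def cpim_headers(body):
    """Parse the CPIM message headers (the block before the first blank line)."""
    headers = {}
    for line in body.split("\r\n\r\n", 1)[0].split("\r\n"):
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def addr_uri(value):
    """Reduce 'Display <uri>' or a bare URI to scheme:user@host for comparison."""
    m = re.search(r"<([^>]+)>", value)
    scheme, _, rest = (m.group(1) if m else value).strip().partition(":")
    rest = rest.split(";", 1)[0]            # ignore URI parameters (assumption)
    user, at, host = rest.rpartition("@")   # user part stays case-sensitive
    return f"{scheme.lower()}:{user}{at}{host.lower()}"

def classify(body, room_uri, dialed_uri, also_match_dialed):
    """Return 'room' or 'private' for one CPIM-wrapped chat message."""
    to = addr_uri(cpim_headers(body)["to"])
    if to == addr_uri(room_uri):
        return "room"
    if also_match_dialed and to == addr_uri(dialed_uri):
        return "room"       # proposed extra check on the session's original RURI
    return "private"        # To names something other than the room

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, classify(SAMPLE_CPIM, ROOM_URI, DIALED_URI, flag))
```

With the extra check disabled, the sample message addressed to the dialed URI is treated as private; with it enabled, the same message is relayed to the room, while a To header naming another participant is still private.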