[Standards-JIG] Jingle vs. Zoep
stpeter at jabber.org
Mon Feb 13 23:35:30 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
dirk.griffioen at voipster.com wrote:
>>>> secure as both XMPP and SIP are.
> SIP is secure? Authentication is OPTIONAL. From addresses are not
> validated and checked. Interdomain communications ("federation") is
> still a mess. Sure you can use sips: URIs (forcing TCP and TLS) but most
> implementations out there will still use the old sip: URIs (UDP, no
> TLS). It's like Jabber in the jabberd 1.0 days (1999-2000) when we
> didn't have dialback.
>> Does jabber then validate 'from' - in a way more than syntactically
>> checking if things are ok? Maybe I am missing the point, but why is this
>> so important?
Makes it relatively to do the following:
1. Send unsolicited communications.
2. Launch deregistration attacks.
3. Perform call flooding.
4. Terminate calls from a third party.
5. Hijack sessions.
6. Perform unauthorized call transfers.
7. Register unauthorized devices.
And yes I consider those fairly serious.
Jabber Software Foundation
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3641 bytes
Desc: S/MIME Cryptographic Signature
More information about the Standards