[Standards-JIG] Jingle vs. Zoep

Peter Saint-Andre stpeter at jabber.org
Mon Feb 13 23:35:30 UTC 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

dirk.griffioen at voipster.com wrote:

>>>> as
>>>> secure as both XMPP and SIP are.
>>>>     
> 
> SIP is secure? Authentication is OPTIONAL. From addresses are not
> validated and checked. Interdomain communications ("federation") is
> still a mess. Sure you can use sips: URIs (forcing TCP and TLS) but most
> implementations out there will still use the old sip: URIs (UDP, no
> TLS). It's like Jabber in the jabberd 1.0 days (1999-2000) when we
> didn't have dialback.
> 
>   
>> Does jabber then validate 'from' - in a way more than syntactically
>> checking if things are ok? Maybe I am missing the point, but why is this
>> so important? 

Makes it relatively to do the following:

1. Send unsolicited communications.

2. Launch deregistration attacks.

3. Perform call flooding.

4. Terminate calls from a third party.

5. Hijack sessions.

6. Perform unauthorized call transfers.

7. Register unauthorized devices.

And yes I consider those fairly serious.

Peter

- --
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD8RfCNF1RSzyt3NURAnViAJ9Whinuq1QAyCGmmz3O5zWwv1Mg5gCfU9fk
MbNEyJHmFuUEJdzRgKNGLQM=
=eZl4
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3641 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20060213/bbe90b71/attachment.bin>


More information about the Standards mailing list