[Standards-JIG] Jingle vs. Zoep
dgriffioen at voipster.com
Wed Feb 15 23:08:30 UTC 2006
Peter Saint-Andre wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>dirk.griffioen at voipster.com wrote:
>>>>>secure as both XMPP and SIP are.
>>SIP is secure? Authentication is OPTIONAL. From addresses are not
>>validated and checked. Interdomain communications ("federation") is
>>still a mess. Sure you can use sips: URIs (forcing TCP and TLS) but most
>>implementations out there will still use the old sip: URIs (UDP, no
>>TLS). It's like Jabber in the jabberd 1.0 days (1999-2000) when we
>>didn't have dialback.
>>>Does jabber then validate 'from' - in a way more than syntactically
>>>checking if things are ok? Maybe I am missing the point, but why is this
>Makes it relatively to do the following:
>1. Send unsolicited communications.
>2. Launch deregistration attacks.
>3. Perform call flooding.
>4. Terminate calls from a third party.
>5. Hijack sessions.
>6. Perform unauthorized call transfers.
>7. Register unauthorized devices.
>And yes I consider those fairly serious.
You are absolutely right.
But, and I hope this shines through from my other mails a well, for
pc2pc your list does not hold, since all issues are XMPP related - SIP
is used for state and session parameters etc, not the addressing part.
For pc2pstn (and vice versa) the Jingle-SIP gateway would face the same
problems, so maybe we should solve those?
Is there a Jingle-SIP gateway available? I believe someone mentioned
this here on the mailing list...
We are in the process of making a SIP-XMPP gateway (most likely GPL too)
and maybe we can compare notes here?
>Jabber Software Foundation
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.1 (Darwin)
>Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Standards