[reSIProcate] FlowId Class Questions

Alan Hawrylyshen alan at jasomi.com
Wed Jun 8 18:12:36 CDT 2005


Oops, posting to the list too.

On Jun 8, 2005, at 16:50, Derek MacDonald wrote:

> Dlb & I talked about this; if that pointer isn't in a set of valid pointers
> it will be treated as bad. It really doesn't matter if we use a map token or
> an existence check by a set in this case.
>
> Once the GruuMonkey is more written FlowId can be tweaked to work the other
> way.


I disagree -- pointers will follow a particular pattern and a
malicious client will be able to convince you to use someone else's
response context or connection by guessing a flowid. I would argue
that a map with random keys is a lightweight approach that mitigates
this attack.

You don't want to answer the question "is this pointer valid?" but
"is this pointer valid for this SIP transaction / context?".
Therefore, in order to prevent a trivial attack mechanism, there
needs to be some way of preventing the 'wire-space' people from
suggesting a flowid. This can be done with randomization and a
porous key-space or by incorporating some sort of message
authentication technique for the flowid. I get the shivers thinking
about taking a pointer value or index from the wire without a way to
qualify it to the appropriate scope.

Thoughts?

A
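
The map-with-random-keys approach argued for above, as an added sketch that is not part of the original post and is not reSIProcate code. FlowTable, Flow and the scope strings are hypothetical names; the token is looked up in a sparse 64-bit key-space and accepted only for the scope it was issued to.

```cpp
#include <cstdint>
#include <iostream>
#include <random>
#include <string>
#include <unordered_map>

// Hypothetical stand-in for the connection / response context behind a flow.
struct Flow {
    int connectionId;
    std::string scope;  // transaction or context the token was issued for
};

class FlowTable {
public:
    // Issue an opaque random token; only this value is ever put on the wire.
    std::uint64_t issue(int connectionId, const std::string& scope) {
        std::uint64_t token;
        do {
            std::uint64_t hi = mRng(), lo = mRng();
            token = (hi << 32) | (lo & 0xffffffffu);
        } while (mFlows.count(token) != 0);
        mFlows.emplace(token, Flow{connectionId, scope});
        return token;
    }

    // Accept a wire token only if it was issued AND belongs to this scope.
    const Flow* resolve(std::uint64_t token, const std::string& scope) const {
        auto it = mFlows.find(token);
        if (it == mFlows.end() || it->second.scope != scope) return nullptr;
        return &it->second;
    }

    void revoke(std::uint64_t token) { mFlows.erase(token); }

private:
    // Assumption: std::random_device is backed by the OS CSPRNG on this platform.
    std::random_device mRng;
    std::unordered_map<std::uint64_t, Flow> mFlows;
};

int main() {
    FlowTable table;
    std::uint64_t alice = table.issue(1, "alice-txn");  // constructed sample scopes
    std::uint64_t bob = table.issue(2, "bob-txn");
    std::cout << "own scope:   " << (table.resolve(alice, "alice-txn") != nullptr) << "\n";
    std::cout << "wrong scope: " << (table.resolve(bob, "alice-txn") != nullptr) << "\n";
    return 0;
}
```

A token that exists in the table but was issued for another scope is rejected the same way as one that was never issued, so the caller learns nothing from the failure.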