From: Paul Kyzivat <[EMAIL PROTECTED]>

Use of the From to validate the subscription prevents casual monitoring of callee availability. The subscription would only be authorized if there was a call attempt with that From address that is still eligible for CC.
And the From URI is a datum that is already carried end-to-end.

Admittedly it isn't very strong. If you can guess somebody who has made a call attempt you can bypass this. But it might be strong enough for the purpose.

How is it worse than making the call attempt and canceling the call after the first provisional response?

The presence of the subscription, with its routing info, allows the callee to identify who is watching if they are paranoid about it.

That is true -- the callee's monitor has a considerable amount of information about the CC subscriber, and can police the subscriptions for suspicious behavior. For example, subscriptions that last too long; subscriptions that when given the go-ahead, do not execute CC recall; or subscriptions that are always in "unavailable" state.

And I suppose this could be combined with some other sort of authorization. There could be one mechanism with a cookie for those who can support it, and this weaker mechanism could require some special credential or a whitelist, that was by policy restricted to gateways.

That's true, too. The authorization decision is made unilaterally by the callee's monitor, allowing different monitors to enforce different policies. And in many PSTN-to-SIP applications, the set of gateways that can route a PSTN call to the callee is knowable.

If we incorporate any "cookie" (that is, an identifying datum carried from the UAS of the original call, to the UAC, to be presented with CC subscribe or CC recall) as part of the callee's monitor's URI (which we intend to be utilizing anyway), then the choice between these authorization mechanisms is entirely in the hands of the callee's monitor.

Dale
_______________________________________________
BLISS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/bliss
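A sketch of the monitor-side policy discussed in this message, added here as an illustration and not taken from the thread or from any BLISS draft: a subscription is authorized only when the From URI matches a call attempt still eligible for CC, and live subscriptions are checked for the three suspicious patterns named above. The class and field names and all three thresholds are assumptions.

```python
from dataclasses import dataclass, field

# Assumed policy values; the thread does not specify any numbers.
CC_ELIGIBILITY_SECS = 3600    # how long a call attempt stays eligible for CC
MAX_SUBSCRIPTION_SECS = 7200  # longest subscription the monitor tolerates
MAX_IGNORED_GO_AHEADS = 2     # go-aheads that may pass without a CC recall

@dataclass
class Subscription:          # hypothetical record kept by the callee's monitor
    from_uri: str
    created: float
    go_aheads: int = 0       # times the monitor gave the go-ahead
    recalls: int = 0         # CC recalls actually executed
    states: list = field(default_factory=list)  # states seen for this subscription

class CalleeMonitor:
    def __init__(self):
        self.attempts = {}   # From URI -> time of most recent call attempt
        self.subs = {}       # From URI -> Subscription

    def record_call_attempt(self, from_uri, now):
        self.attempts[from_uri] = now

    def authorize_subscribe(self, from_uri, now):
        """Accept only if this From made a call attempt still eligible for CC."""
        seen = self.attempts.get(from_uri)
        if seen is None or now - seen > CC_ELIGIBILITY_SECS:
            return False
        self.subs[from_uri] = Subscription(from_uri, now)
        return True

    def suspicious(self, now):
        """Return {from_uri: [reasons]} for subscriptions worth policing."""
        findings = {}
        for uri, sub in self.subs.items():
            reasons = []
            if now - sub.created > MAX_SUBSCRIPTION_SECS:
                reasons.append("lasts too long")
            if sub.go_aheads - sub.recalls > MAX_IGNORED_GO_AHEADS:
                reasons.append("go-ahead without CC recall")
            if sub.states and all(s == "unavailable" for s in sub.states):
                reasons.append("always unavailable")
            if reasons:
                findings[uri] = reasons
        return findings
```

Because the check keys only on the From URI, a subscriber who guesses a From that recently called is accepted, which is the weakness acknowledged in the message.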
