On 10/9/07, Paul Kyzivat <[EMAIL PROTECTED]> wrote: > > > > Pars Mutaf wrote: > > > > > > On 10/9/07, *Paul Kyzivat* <[EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>> wrote: > > > > > > > > Pars Mutaf wrote: > > > On 10/9/07, [EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]> <mailto: [EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>>* > > > < [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > <mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>> > > wrote: > > > > > > From: "Pars Mutaf" < [EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]> > > > <mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>> > > > > > > I'll feel more comfortable if I explain the above > statement > > > to SIP folks. I'm not defending any particular design, I'm > > trying > > > to start some discussion and get more people to the list, > > > and hoping to find the right choices together. > > > > > > What is the problem you are trying to solve? > > > > > > > > > Thanks. I tried to introduce the problem in my first > > > mail which was perhaps too long: > > > http://www1.ietf.org/mail-archive/web/sip/current/msg20618.html > > <http://www1.ietf.org/mail-archive/web/sip/current/msg20618.html> > > > > > > Briefly: the problem is that users cannot publish their > > > identifiers e.g. SIP URIs, for privacy reasons. They are > > > obligated to exchange their contact information manually > > > upon face-to-face contact. But face-to-face contact is not > > > always available, and even if it is available manual > > > exchange is difficult. > > > > Maybe I'm missing something, but it seems to me that what you are > > seeking is exactly the function provided by a sip registrar. Your > > requirements from the referenced mail are: > > > > > Model of operation > > > > > > 1. The querier user types the target user's "human name" (as if > > he were > > > consulting a phonebook), or a pseudoynm. > > > > An AOR: sip:[EMAIL PROTECTED] > > > > > > > > Where did you get this information. It is private. > > > > (I'm not saying that this a problem of SIP. This is general problem.) > > > > Please note that the proposal is comparable to the 'phone book', > > not SIP. > > In order to use a phone book, you must: > - start with the name you know for the person > - canonicalize it to a form that might be listed in a phone book > - choose which phone book to look in. This is effectively a > domain in which names should be unique. > - look up the name to get an address. (This of course doesn't work > if the target doesn't want to disclose the address - an unlisted > number.) > > The above isn't much different from me guessing from your name (Pars > Mutaf) that your user name might be pars.mutaf, and then guessing that > you might be using domain gmail.com. In fact the scale of the problem is > comparable if I don't know where in the world your phone might be > registered.
There is a general privacy requirement which says that SIP URIs shouldn't be predictable (i.e. based on human name). Otherwise you will receive spam, unwanted calls, etc. on your cell phone. I think everybody agrees with that. There is also the domain name problem as you noticed. These make the retrieval or manual exchange of phone numbers difficult. It is worse in that there isn't much consistency with how human names > are mapped to user names. > > It sounds like you are looking for a global registry of mappings from > human names to various sorts of addresses. No :-) (or, I misunderstood) Please see below. That might be something like > ENUM, but with the keys being human names rather than phone numbers. OK perhaps. But human name collisions must be handled. Another solution would be based on multicast DNS, but for local use only, as briefly described at: http://www1.ietf.org/mail-archive/web/sip/current/msg20672.html Given the difficulty there has been in getting a public enum > established, I would anticipate it could be very hard to get agreement > to establish a public registry keyed by human name - there are huge > privacy issues. This is exactly my point. But there is a general misunderstanding. The proposal wasn't clear I think (below is very simplified): 1. The querier types the target human name. 2. The request (e.g. for a phone number) is forwarded to the target user. 3. The target user approves it. 4. The target phone, returns its phone number. I think the 3rd point is being missed (except, I guess, by Dean Willis who made a comparison with consent framework. This is another discussion topic.) Thanks, pars Paul >
_______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
