> Frank, > > So are you asserting that reliable callerid is not needed, or that it > is not possible? > > If its not needed, then I guess sip identity was a waste of time, as > is P-Asserted-ID. From should be good enough. > > The PSTN callerid is to a large extend based on transitive trust, and > is> reliable if the providers are careful. It breaks when providers trust > sources that they shouldn't. Apparently that is becoming an > increasingly common case.
Really ??? Transitive trust seems to have worked reasonable well for the time being .what examples have you found of sources that providers thought they could trust but found they shouldn't have? > If we create a cert-based mechanism similar to 4474 that works for > phone numbers then there should be no way around it other than stealing the > certs. So it should be better than the PSTN. <sigh> > > Paul > > Frank W. Miller wrote: > > > > K, got this just after my response. Inline... > > > > -----Original Message----- > > From: Dean Willis [mailto:[EMAIL PROTECTED] > > Sent: Monday, February 18, 2008 10:49 AM > > To: Frank W. Miller > > Cc: IETF SIP List > > Subject: Re: [Sip] New I-D on RFC4474 and phone numbers > > > > > > On Feb 18, 2008, at 11:07 AM, Frank W. Miller wrote: > > > >> I'm a little confused by the need to "sign" phone numbers. I mean, > >> whomever > >> uses the number makes a call to or from it right? If the receiver > >> of the > >> call doesn't want to talk to whomever calls, don't they just hang > >> up? This > >> seems like a lot of extra work for little gain. > > > > How do they know who called? Can the thing being presented as > caller- > > ID be trusted? > > > > Example use case: > > > > You get a call from "Memorial Hospital" at 999-454-5678. Your child > > was apparently injured at school and is claimed to be in ICU, but > your > > signature is urgently needed before a life-saving procedure can be > > administered. You double-check by calling back 999-454-5678 and get > > the front desk at Memorial Hospital. Just to be sure, you look in > the > > phone book, and yep, that's their number. Of course, you rush to the > > hospital. > > > > FM: Call me crazy but I get weird caller-ids on my phones all the > time now, > > with the trusted PSTN. You don't think that people won't figure out > how to > > circumvent what we do if they really want to? > > > > > > While you're out, the burglar who faked the call cleans out your > house. > > > > Or even more fun: Your neighbors are having a really noisy party. > Call > > 911, faking their phone number as the source, and report a murder- > in- > > progress. Stand by and wait for the SWAT team to show up. > > > > > > FM: Any reasonable person would call the hospital back first before > rushing > > out. Besides, this same trick can be done now with Private or > Blocked in > > the PSTN. > > > > FM > > > > > > > > > > _______________________________________________ > > Sip mailing list http://www.ietf.org/mailman/listinfo/sip > > This list is for NEW development of the core SIP Protocol > > Use [EMAIL PROTECTED] for questions on current sip > > Use [EMAIL PROTECTED] for new developments on the application of sip > > > _______________________________________________ > Sip mailing list http://www.ietf.org/mailman/listinfo/sip > This list is for NEW development of the core SIP Protocol > Use [EMAIL PROTECTED] for questions on current sip > Use [EMAIL PROTECTED] for new developments on the application of sip _______________________________________________ Sip mailing list http://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
