That, treating anything that smells like an E.164 like an E.164, may well be common practice. But it seems to me a) it is a practice which is inherently misleading and error prone b) it is a practice we can not sensibly design for / around. c) It is not the working group's problem to repair security flaws introduced by such behavior. It is the vendor's problem.
Yours, Joel M. Halpern Hadriel Kaplan wrote: >> -----Original Message----- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul >> Kyzivat >> Sent: Monday, February 18, 2008 4:07 PM >> >> Joel M. Halpern wrote: >>> Case 1 - No ;user=phone option >>> In the absence of a ;user=phone option, the user part of the SIP URI >>> should be considered an opaque string. It should not be considered an >>> E.164 number, even if it is formatted as a telephone subscriber number. >>> I can legitimately use [EMAIL PROTECTED] as a SIP URI. And >>> if the whitehouse.com deliberate confusion is still active, they could >>> use [EMAIL PROTECTED] as a SIP URI. >>> It is reported that some SIP devices will display the phone number >>> without the domain for such URIs. That is a UI error, not a protocol >>> error. The protocol can not make the UI do the right thing. >> I agree with you. But common practice is otherwise. > > Definitely. If the user part even smells like an e164, it's treated as one > by a lot of folks. :( > > -hadriel > > _______________________________________________ > Sip mailing list http://www.ietf.org/mailman/listinfo/sip > This list is for NEW development of the core SIP Protocol > Use [EMAIL PROTECTED] for questions on current sip > Use [EMAIL PROTECTED] for new developments on the application of sip > _______________________________________________ Sip mailing list http://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
