On Feb 19, 2008, at 11:34 AM, .:: Francesco la Torre ::. wrote:

> IMO authenticated but private is something more than not
> authenticated.
> In the first case, you know that on the other end there is an
> authenticated user for that domain, in the second one there is a
> complete lack of identity ... this entails that there are no reasons
> why sip uri (e.g. [EMAIL PROTECTED]) cannot be signed by
> authentication service.
>

Of what value to a recipient is an authenticated From:[EMAIL PROTECTED]? Or a phished [EMAIL PROTECTED]

In the absence of a reputation service and separate authentication of the source domain I don't see any at all. What are your assumed preconditions for this authentication to have value? These need explicit statement.

> This uri may be used for special scenarios generating the value you
> are looking for.
>
> Francesco la Torre
>
> IIT-National Research Council
> Security Session
> Pisa, Italy
>
> On Tue, 19/02/2008 at 11.04 -0500, Paul Kyzivat wrote:
>>
>> .:: Francesco la Torre ::. wrote:
>>> According to some general privacy considerations, from an
>>> authentication service's point of view, an anonymous may be a
>>> known user in his domain that he has authenticated, but he's
>>> keeping his identity private.
>>> Nothing strange.
>>
>> Fine. But what value does that bring to the recipient, compared to no
>> authenticated identity at all?
>>
>> Paul
>>
>>> Francesco la Torre
>>>
>>> IIT-National Council Research
>>> Security Session
>>> Pisa, Italy
>>>
>>> On Tue, 19/02/2008 at 10.37 -0500, Paul Kyzivat wrote:
>>>> Why would you want sip-identity for an anonymous From address?
>>>>
>>>> IMO it is perfectly fine to provide an address with no identity.
>>>>
>>>> Paul
>>>>
>>>> Mayumi Munakata wrote:
>>>>> All;
>>>>>
>>>>> I have just submitted a new version of ua-privacy draft.
>>>>> http://www.ietf.org/internet-drafts/draft-ietf-sip-ua-privacy-01.txt
>>>>>
>>>>> Thanks to John Elwell for his comprehensive review,
>>>>> we managed to make a lot of editorial corrections
>>>>> and some technical.
>>>>>
>>>>> One profound open issue we have is on how to get an
>>>>> anonymous URI for a From header. While we can use a
>>>>> temp-gruu for a Contact header, there is no mechanism
>>>>> to obtain a functional anonymous URI for the From
>>>>> header or any other headers that house URIs.
>>>>>
>>>>> RFC3323 recommends to use "[EMAIL PROTECTED]"
>>>>> for an anonymous URI in a From header. However, this
>>>>> impedes the use of SIP-Identity, as SIP-Identity
>>>>> mandates the domain portion of the "From" URI and
>>>>> that of "Identity-Info" to match.
>>>>>
>>>>> One of the expired drafts written by Jonathan attempted
>>>>> to use the GRUU to get this functional yet anonymous URI
>>>>> to address this issue.
>>>>> http://ietfreport.isoc.org/idref/draft-rosenberg-sip-identity-privacy/
>>>>>
>>>>> I can see a few ways forward.
>>>>>
>>>>> 1. Suggest the use of [EMAIL PROTECTED]'s domain name}, which
>>>>>    verifier then can verify the signature's validity as
>>>>>    domain portion of the URI and that of Identity-Info matches.
>>>>>    >> If SIP-Identity is used, the domain is given away anyhow
>>>>>       in the Identity-Info, so what is the point of hiding the
>>>>>       domain in the From header?
>>>>>
>>>>> 2. Make a note that SIP-Identity will not function when
>>>>>    [EMAIL PROTECTED] is used.
>>>>>    >> Describe the caveat that verifier is likely to fail the
>>>>>       request or suggest that Authentication Service does not
>>>>>       add Identity-Info/signature.
>>>>>
>>>>> 3. Extend GRUU to support mechanism that Rosenberg suggested.
>>>>>
>>>>> Does anybody have any preferences or any other suggestions?
>>>>>
>>>>> Regards,
>>>>> Mayumi
>>>>>
>>>>> _______________________________________________
>>>>> Sip mailing list http://www.ietf.org/mailman/listinfo/sip
>>>>> This list is for NEW development of the core SIP Protocol
>>>>> Use [EMAIL PROTECTED] for questions on current sip
>>>>> Use [EMAIL PROTECTED] for new developments on the application of sip
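
The domain-match rule described in Mayumi Munakata's quoted message, and how options 1 and 2 fare against it, as an added example (not code from the thread or from any SIP stack). It compares only the From URI host with the Identity-Info URI host and does not verify the signature; every address, domain and header value is a constructed sample.

```python
import re
from urllib.parse import urlsplit

# Host part of a sip:/sips: URI; IPv6 literals are out of scope for this sketch.
SIP_URI = re.compile(r"sips?:(?:[^@>;\s]*@)?([^:;>\s?]+)", re.I)

def headers(raw):
    """Map lower-cased header names to values (first occurrence wins)."""
    out = {}
    for line in raw.split("\r\n")[1:]:      # skip the request line
        if not line:                         # blank line ends the headers
            break
        name, _, value = line.partition(":")
        out.setdefault(name.strip().lower(), value.strip())
    return out

def from_domain(hdrs):
    value = hdrs.get("from") or hdrs.get("f", "")   # "f" is the compact form
    m = SIP_URI.search(value)
    return m.group(1).lower() if m else None

def identity_info_domain(hdrs):
    m = re.search(r"<([^>]+)>", hdrs.get("identity-info", ""))
    return (urlsplit(m.group(1)).hostname or "").lower() if m else None

def check(raw):
    """Return 'no-identity', 'match' or 'mismatch' for one request."""
    hdrs = headers(raw)
    signer = identity_info_domain(hdrs)
    if signer is None:
        return "no-identity"                 # nothing for a verifier to check
    # Simplification: exact host equality, as the rule is stated in the thread.
    return "match" if signer == from_domain(hdrs) else "mismatch"

def invite(from_value, identity_info=None):
    """Build a constructed, minimal INVITE (hypothetical helper)."""
    lines = ["INVITE sip:bob@example.net SIP/2.0", f"From: {from_value}"]
    if identity_info:
        lines += ['Identity: "constructed-not-a-real-signature"',
                  f"Identity-Info: <{identity_info}>;alg=rsa-sha1"]
    return "\r\n".join(lines) + "\r\n\r\n"

CERT = "https://example.com/as.cer"          # constructed signer URL
ANON = '"Anonymous" <sip:anonymous@anonymous.invalid>;tag=1'

if __name__ == "__main__":
    print(check(invite("<sip:alice@example.com>;tag=1", CERT)))      # named caller
    print(check(invite(ANON, CERT)))                                 # signed anyway
    print(check(invite("<sip:anonymous@example.com>;tag=1", CERT)))  # option 1
    print(check(invite(ANON)))                                       # option 2, unsigned
```
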