On Mar 14, 2008, at 9:25 AM, Dean Willis wrote: > > On Mar 13, 2008, at 7:08 PM, Paul Kyzivat wrote: > >> >> >> Dean Willis wrote: >> >>> How about: >>> From: +12142821376 <sip:[EMAIL PROTECTED]> >> >> Are we now assuming that 4474 vouches for the correctness of the >> display name? > > No, we're not. We're assuming that since we can't verify the > contents of the display name, that having such information signed by > RFC 4474 would be a Bad Thing.
Let me restate that: signing the display name (or anything else) that we can't verify is a Bad Thing unless we explicitly state that the thing we're signing is uncertain, in such a way that receivers can understand that this thing is uncertain. This gives us two choices -- not signing things that look like numbers, or including a warning flag in the signed material that indicates that the indicated aspect of the thing we're signing was not authenticated. -- Dea _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
