Hadriel Kaplan wrote:
> John, can you elaborate more on the straw-man proposal? I'm not sure
> I fully grok it.
>
> When I commented at the mic that the problem with such a concept,
> assuming I understand the proposal, is that there is nothing stopping
> any middle-man or frankly anything on the planet from simply signing
> a [EMAIL PROTECTED], for their domain name. Jonathan's response I
> think was "well that makes it the same strength as PSTN". But this
> makes it effectively useless to sign or verify. Why bother signing?
> Just use PAID. (which may well be the final result of all this
> discussion)
You MUST sign in order to be able to use DTLS-SRTP effectively. This means that even PSTN-grade identities have to be signed. So we either have to change DTLS-SRTP to not have this dependency, or we have to find a way to mark the PSTN-grade ones appropriately so that they are not taken seriously as a strong identity.

Adam's approach solves this better than using PAID, as 1) we could NOT have DTLS-SRTP (a standards-track doc) with a normative reference to RFC 3325 (an informational track doc). Further, the same problem applies -- even with RFC 3325, it would be good to differentiate strong identities from PSTN-grade identities.

-- dean
