Dean Willis wrote:
> On Apr 4, 2008, at 9:01 PM, Michael Thomas wrote:
>
>> Wait a minute: are we talking about cross-domain Identity being
>> used as credentials to access voice mail in another domain? Because
>> if it's only within a given domain's administrative control, it can know
>> the name space layout through out of band means. That is, it can know
>> if the names that it generates to gateway e.164 addresses are bogus
>> addresses to get at voice mail, etc.
>>
>> If it's the cross domain case, can you tell me the use case?
>>
>>
>
> RFC 4474 is a cross-domain authenticator.
>
> Use case:
>
> sip:[EMAIL PROTECTED] calls his voice mail provider's message
> retrieval box, sip:messages.example.net
>
> Since example.net trusts example.com's RFC 4474 assertions, the
> voicemail box at messages.example.net does not authenticate JoeBob's
> request. Instead, it accepts on trust that example.com authenticated
> him, and plays out JoeBob's messages.
>
> This is AFAIK a valid use case for RFC 4474.
>
It's a _valid_ use case, but is it a _real_ use case? That is, is there
anybody out there using cross realm credentials in that way? Even
cellular isn't handled in that way because my SIM is still with my
home provider even if I've roamed...
But even if that's the case, why would weakening the assertion
be useful? The two domains would obviously need to know quite
a bit about each other, so it's not clear to me why this
knowledge needs to be shipped in-band.
> Now, assume JoeBob is instead named "[EMAIL PROTECTED]". All of
> the above works fine, until somebody calls into example.com's PSTN
> gateway from a spoofed Caller-ID of "18005551212" and asks said
> gateway to connect them to messages.example.net
>
So just don't sign it. Or sign it as @example.com. Or just tell the voice
mail provider not to create voice mail boxes for users with [EMAIL PROTECTED]
like addresses. This really seems tenuous to me, Dean.
Mike
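The voicemail-side trust decision Dean and Mike are arguing over, as an added example that is not part of the thread or of any RFC 4474 implementation. It assumes the voicemail box has already verified the Identity header signature and, following Mike's suggestion, treats digit-only (gateway-generated) user parts as never sufficient on their own; all addresses are constructed.

```python
"""Trust policy for inbound RFC 4474 assertions at a voicemail box (constructed example).

messages.example.net trusts example.com's signed Identity assertions for normal
users, but a signed assertion for a PSTN-gateway-style E.164 user part is not
proof of who is calling, so such requests fall back to local authentication.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Assumed heuristic for a gateway-generated user part: digits only, optional leading '+'.
E164_USER = re.compile(r"^\+?\d{7,15}$")


@dataclass
class Request:
    from_uri: str                    # From header AoR, e.g. "sip:joebob@example.com"
    identity_signer: Optional[str]   # domain whose cert signed Identity, None if unsigned
    signature_valid: bool            # result of verifying the Identity header (assumed done)


def parse_sip_uri(uri: str):
    """Return (user, domain) from a sip:/sips: address-of-record."""
    m = re.match(r"^sips?:([^@;>]+)@([^;>]+)", uri.strip())
    if not m:
        raise ValueError(f"not a SIP address-of-record: {uri}")
    return m.group(1), m.group(2).lower()


def trust_decision(req: Request, trusted_domains: set) -> str:
    """'accept' (play messages), 'require_auth' (authenticate locally) or 'reject'."""
    user, domain = parse_sip_uri(req.from_uri)
    if domain not in trusted_domains:
        return "require_auth"           # no cross-domain trust: authenticate as usual
    if req.identity_signer is None:
        return "require_auth"           # unsigned: fall back to local credentials
    if not req.signature_valid or req.identity_signer != domain:
        return "reject"                 # bad or mismatched Identity: 438-style failure
    if E164_USER.match(user):
        return "require_auth"           # Mike's point: gateway-style numbers are not identities
    return "accept"
```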
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip