At Mon, 14 Apr 2008 13:09:19 -0700, Dan Wing wrote: > > > > ... > > > > I agree it's far from ideal. There are two possible solutions > > > > to this sort of problem: > > > > > > > > - Some sort of authenticated history mechanism that gives > > > > the gateway > > > > confidence that the call was routed correctly > > > > > > A different take on a solution (aimed at ssh and self-signed HTTP > > > certificates) is discussed at: > > > http://www.cs.cmu.edu/~dwendlan/perspectives/ > > > > I don't see how the technique described here can plausibly work > > with SIP, given that they rely on probes from different locations > > getting the same response, which is not a requirement for SIP. > > If there is only one entity that 'owns' an identity -- which is > absolutely the case with email-style URIs with SIP -- it would > work.
I think we're taklking past each other. There are two issues: - being able to determine whether a given entity should be able to assert "[EMAIL PROTECTED]". Yes, one could use some technique like the one described here to do that, but we already have a technique for that, described in RFC 4474, so I don't see an advantage. - being able to determine whether the fact that my call to [EMAIL PROTECTED] was answered by [EMAIL PROTECTED] was OK. This can't be resolved in this way because the routing may depend on From. -Ekr _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
