On Apr 18, 2008, at 6:30 PM, Dean Willis wrote:

>
> On Apr 18, 2008, at 4:38 PM, Ben Campbell wrote:
>
>>
>> On Apr 12, 2008, at 4:00 AM, Dean Willis wrote:
>>
>> [...]
>>
>>> If we made it mandatory for a PSTN gateway to assert identities
>>> using user=phone and documented that Identity headers over an
>>> identity with a user=phone parameter do not assert the "user part"
>>> of that identity, then I think we'd have a complete solution.
>>
>> [...]
>>
>> I think you would need to extend that to be PSTN gateways that do
>> not do some sort of caller authentication. As we discussed
>> separately, it's perfectly possible for a PSTN gateway to require a
>> PIN from a caller, and therefore be able to assert a stronger
>> identity than it could from caller id. In that scenario, would you
>> expect the "user=phone" parameter to apply?
>>
>
> How would you differentiate an authenticating gateway from a
> non-authenticating gateway downstream?
>

That's rather the problem.

My point is, although there is a lot of correlation between "phone  
numbers" and "unauthenticated callers", it doesn't always have to be  
that way. We also assume that calls crossing non-PSTN gateways will  
have better authentication properties, but it doesn't have to be that  
way either. Unless we remove all historical meaning from "user=phone",  
then using it would codify assumptions that are not necessarily true.

If we decide that we need a way to signal that an identity assertion
is weak, then I think we need a way to do it that is orthogonal to
whether the call originated in the PSTN.
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol