Agreed. -d
> -----Original Message----- > From: Hadriel Kaplan [mailto:[EMAIL PROTECTED] > Sent: Friday, June 27, 2008 8:06 AM > To: Tschofenig, Hannes (NSN - FI/Espoo); ext Paul Kyzivat; > Hannes Tschofenig > Cc: [email protected]; Elwell, John; Dan Wing > Subject: RE: SIP Identity > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of > > Tschofenig, Hannes (NSN - FI/Espoo) > > > > I am trying to figure out where the problems are: > > > > Now, it would be interesting to hear whether these guys > have actually > > ever turned it on and used it. What was their experience? Did they > > indeed encounter problems with certain SBC configurations? > > I am fairly confident in saying that there could not be an > SBC that wouldn't break 4474 signatures, since it's basically > inherent in the definition of an SBC to modify some of the > things that 4474 signs. (ie, if it's not modifying them, it's > not really acting in an SBC "mode" anymore) > Except of course when the SBC is the signer/verifier. > > > > Would more folks use it when some of the weaknesses on the > E.164 number > > usage are documented? > > I doubt it. Plenty of weaknesses of RTP have been > "documented", which haven't driven SRTP's uptake. It will > take actual real-world cases of abuse to drive it, IMHO. But > by then it will be late. First there's the problem of making > it work across already deployed infrastructure, which 4474 > doesn't, and there can be no "flag day". Given how long it > takes us to standardize things, get them into code/hardware, > and get people to upgrade, we're talking years. That's why I > want to work on it now, just in case we need it in the next few years. > > > > How would a change to the signature algorithm impact the situation? > > By making it work across deployed infrastructure. More and > more Enterprise-SP SIP Trunks are getting added every day, > and inter-SP peering is continually growing. If an Identity > algorithm has a lot of false positives (signatures broken but > the request is really ok), it won't be much use and people > will ignore it. No algorithm has a chance of use if legit calls fail. > > -hadriel _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
