On Jul 2, 2008, at 4:54 AM, Paul Kyzivat wrote:
In both of these cases, the assurances of DTLS-SRTP provides in
terms of data origin integrity and confidentiality are necessarily
no better than SIP provides for signalling integrity when RFC 4474
is used. Implementors should therefore take care not to indicate
misleading peer identity information in the user interface.
e.g. If the peer's identity is
sip:[EMAIL PROTECTED], it is not sufficient to
display that the identity of the peer is +17005551008. In cases
where the UA can determine that the peer identity is clearly an
E.164 number, it may be less confusing to simply identify the call
as encrypted but to an unknown peer.
While I understand the logic above, it isn't very satisfying.
People are constructing sip based phone systems that must compete
with traditional phone systems. If the sip based system shows no
identity when a traditional system can display the identity of the
same caller, then the sip system will be perceived and broken and
non-competitive.
There will of course then be a temptation to do whatever is
necessary to make the product competitive.
What about changing
it may be less confusing to simply identify the call
as encrypted but to an unknown peer.
to
it may be less confusing to simply identify the call as encrypted but
to an unknown peer or to identify the call as insecure and show only
the 17005551008 portion of the peers identity.
I'm not sure if that is better or worse but it seems to be one of the
few way we have to address the issue Paul raised.
Cullen <in my individual contributor roll>
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
