Cullen Jennings wrote:
What about changing
it may be less confusing to simply identify the call
as encrypted but to an unknown peer.
to
it may be less confusing to simply identify the call as encrypted but to
an unknown peer or to identify the call as insecure and show only the
17005551008 portion of the peers identity.
I'm not sure if that is better or worse but it seems to be one of the
few way we have to address the issue Paul raised.
If we had a way to indicate that the identity is untrusted in the
display to the user, that might be acceptable.
BUT, we have a world full of devices that don't have an established way
to indicate that. So when the call ends up going to one of them, there
remains the choice of displaying the (untrusted) number with no
disclaimers, or not displaying it.
The PSTN world has the same issue. Their choice has typically been to
display it. That may have been justified once, when the phone network
was relatively closed and those with the ability to forge their identity
were few. Its no longer true, for a variety of reasons. And we are
making it increasingly less true.
Perhaps we just have to accept the fact that entirely untrusted
callerids will be displayed with no indication that they are suspect.
But that then devalues doing anything secure, since the users won't be
able to tell the difference.
Paul
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
