Hadriel Kaplan wrote:
-----Original Message-----
From: Michael Thomas [mailto:[EMAIL PROTECTED]

I thought that the beauty of P-A-I was that my telco can happily claim that
I'm the Queen of the Night without all the bother of checking to see if
I'm a soprano, or can even sing that many notes in a row. So I guess
I don't see what the point is being extra sure that the fiction is a super
reliable fiction.

It identifies who wrote the fiction, and the receiver can decide if they 
believe the writer (e.g., based on a reputation system); or if it is fiction 
can know who wrote it and let them know. (most operators don't intend to write 
fiction :)

And I should note 4474 has a similar issue - the signer can change the From to 
whatever before signing - except at least 4474 constrains the scope of that 
fictional identity to the signer's domain name in the URI.  In theory that 
makes it pretty good, because the signer can only lie about their own users, 
but in practice if the URI is treated as an E.164 then the scope isn't 
constrained.


Indeed, DKIM has the same constraint as well.  What I'm not entirely
getting is why 4474 isn't sufficient for the overall goal. And if 4474
doesn't cover the needed headers, wouldn't a better fix be to change
4474 to allow more headers to be signed ala DKIM's h= tag instead
of rolling yet another scheme?

In any case, P-A-I still seems like a different animal than 822-like
addresses which at least can be anchored in a given domain. DKIM
has the capability of signing messages that don't necessarily correspond
to any outside header, but AFAIK that capability isn't being used for
much... which sort of implies that it's either useless which SIP should
avoid, or useful which SIP backfill. Since we don't know the answer
to that question, wouldn't it be better to wait and see?

      Mike

And since it seems to only be within a given administrative realm, why
isn't TLS or many other possible techniques adequate?

It's not within a given administrative domain - it's within a PAI trust-domain, 
which in practice often contains multiple administrative domains.

-hadriel

_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
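
Added example, not written by any participant in this thread: a Python sketch of the scope point raised above about 4474, where the signer can only vouch for From URIs in its own domain, and of how that constraint stops helping once the receiver treats the URI as an E.164 number. All function names, domains and numbers are constructed, and the signer domain is assumed to come from an already verified signature and certificate.

```python
import re

# Constructed helper patterns; signature verification itself is out of scope here.
SIP_URI = re.compile(r"^sips?:(?:(?P<user>[^@;]+)@)?(?P<host>[^;:>]+)", re.I)
E164 = re.compile(r"^\+[1-9]\d{1,14}$")

def parse(uri):
    """Split a SIP/SIPS URI into (user, lower-cased host); URI parameters are ignored."""
    m = SIP_URI.match(uri.strip())
    if not m:
        raise ValueError(f"not a SIP URI: {uri!r}")
    return (m.group("user") or ""), m.group("host").lower()

def signer_in_scope(from_uri, signer_domain):
    """Scope check from the thread: a signer may only assert URIs in its own domain."""
    return parse(from_uri)[1] == signer_domain.lower()

def identity_as_uri(from_uri):
    """Receiver keeps the whole user@domain as the caller identity."""
    user, host = parse(from_uri)
    return f"{user}@{host}"

def identity_as_e164(from_uri):
    """Receiver treats a numeric user part as a phone number and discards the domain."""
    user, host = parse(from_uri)
    return user if E164.match(user) else f"{user}@{host}"

def accepted_identities(signed, view):
    """Map each identity the receiver acts on to the signer domains accepted for it."""
    out = {}
    for from_uri, signer in signed:
        if signer_in_scope(from_uri, signer):
            out.setdefault(view(from_uri), set()).add(signer.lower())
    return out

# Constructed sample: (From URI, domain of the verified signer).
SIGNED = [
    ("sip:+15551230001@carrier-a.example;user=phone", "carrier-a.example"),
    ("sip:+15551230001@carrier-b.example;user=phone", "carrier-b.example"),
    ("sip:alice@carrier-a.example", "carrier-b.example"),  # out of scope, dropped
]

if __name__ == "__main__":
    # URI view: each identity has exactly one possible signer.
    print(accepted_identities(SIGNED, identity_as_uri))
    # E.164 view: one number, two equally "valid" signers.
    print(accepted_identities(SIGNED, identity_as_e164))
```

Under the URI view every accepted identity maps to a single signer domain; under the E.164 view the same number is accepted from both domains, so the domain scope no longer tells the receiver who is authoritative for it.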
