> -----Original Message----- > From: Michael Thomas [mailto:[EMAIL PROTECTED] > Sent: Tuesday, July 08, 2008 4:38 PM > To: Dan Wing > Cc: 'Hadriel Kaplan'; [email protected] > Subject: Re: [Sip] Signing P-Asserted-Identity > > Dan Wing wrote: > > ... > > > >> So let me get this, um, straight: what people really want is > >> to be able > >> to trust the callerid but that's precisely what we can't > provide. Hmm. > >> And many of things that you point out about breakage with 4474 is > >> not _really_ a fault of 4474 per se, it's that you're hoping > >> essentially for the impossible: having a signature survive through > >> a b2bua sausage factory. > >> > >> Sounds all too familiar. > >> > > > > It sounds familiar because email has similar problem. > > > > SIP's B2BUA 'sausage factory' is akin to email's mailing > list 'sausage > > factory'. DKIM managed to engineer a solution to email's > mailing list > > sausage factory, yes? > > > > In a general way? No not really. If you have any way to make SIP > play better with manglers in a systematic way, I'd seriously consider > it. DKIM didn't have that luxury, or more specifically we didn't think > anything that tried to get the installed base to do anything > other than > add a > signature header somewhere in the pipeline was feasible. B2BUA's > (etc) are still relatively new critters so you might have say > about what constitutes a "well behaved B2BUA".
SBCs and many B2BUAs modify the SIP bodies that contain SDP, and that is not changable or avoidable. See draft-kaplan-sip-uris-change-00.txt for why. > > (I have a whitelist for [EMAIL PROTECTED], but only if it came via > > one of Amazon's mailers. This is because spammers learned that > > many people, such as me, had such a whitelist. Criminals that, > > today, send email that looks like it came from my bank are likely, > > tomorrow, to initiate VoIP calls with an E.164s that belong to > > my bank. I would like to have cryptographic identity standardized > > when that happens so that we do not incur an additional two year > > delay in getting it standardized and then another year delay to > > get it into products.) > > > > I'm sorry, but whitelisting your bank's e.164 seems wacky, Dan. I have > no clue what my bank's e.164 is. Why exactly do I want to perpetuate > my clueless about their numbers into the future with super-signed but > still unrecognizable identifiers? Even with my cell phone it > doesn't annoy me with the e.164 of anybody I'd whitelist; it tells > me their name. Many cellular phones (and some standalone caller-id boxes) will substitute the incoming E.164 with a name that matches the addressbook. That is what my cellular phone does. I don't know if your cellular phone does that, or if your cellular phone is displaying the name provided by the PSTN. I'm sorry that you do not have the number of your bank in your phone. Please substitute another institution or person, which you do have in your phone, and for which you would answer the phone. I, personally, do not know the number of my bank, either. It was merely an example of unauthenticated identity and how a spammer or a criminal can take advantage of unauthenticated identity; sorry you took it literally. > I swear that there's something really circular going on here, > but I'm just too dull witted to figure it out. Yeah, you have completed several years working on identity for email, but you are telling the SIP community that SIP doesn't need identity for SIP. From my perspective that is circular reasoning. -d _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
