Hadriel Kaplan wrote:
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adam
Roach

The way to get identity through B2BUAs is to have them *be* back-to-back
USER AGENTS. They demonstrate to a 4474 signer (which may be colocated
with the B2BUA) that they are authentic agents of the signer's domain,
authorized to assert the identity in the "From" header field, and all
the 4474 goo can be added just fine.

That would work if and only if the B2BUA owned a cert of the same domain as the 
From they changed it to.  That is actually not the case in practice, even when 
the From is an E.164.  It would also not work if the From was not an E.164, 
since they can't go changing sip:[EMAIL PROTECTED] to sip:[EMAIL PROTECTED], 
for example.

That would be ideal if the b2bua was in fact part of the same administrative
domain of course. However, the "you break it, you own it" scheme obviously
couldn't require such a thing. As in the case of this mailing list breaking
DKIM signatures, the IETF could re-sign as IETF leaving the From: (or p-a-i
or eieio ...) the same. At that point there's no ex(-im?)plicit binding
between the sig and the From: domain, but that probably doesn't make much
difference if my domain has ietf.org whitelisted for, oh say, mailing list
traffic.

Like I said, not entirely satisfying but throw in some local and
reputation-based whitelisting and it seems like a pretty plausible scenario
for SIP too.

      Mike
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
