Hi Cullen,
well, apart from the Q&A bellow, would not it make sense to ask
ourselves first:
is there a problem to be solved?
my 2 cents are: yes, absence of a simple way of checking "is it you who
is calling
me" is a problem.
Simple means to me application(sip)-based, end-to-end, without
communicating to other infrastructure.
I'm just wondering if you, as well as other WG participants have an
opinion on this
very basic question.
I suppose those who were recently getting the 3AM unsolicited calls
would agree
with me, even without knowing what SIP is. In fact, attackers seem to be
less
concerned about all the intriguing solution aspects being debated right now.
-jiri
Cullen Jennings wrote:
We have had a few meetings on the topic of Identity in various forms. At
many of them I have mentioned that I did not think we agreement on what
the trust relationships were between the parties and what we were trying
to accomplish - without that, it is hard to make progress. So I would
answer your questions as:
On Oct 31, 2008, at 12:51 PM, Victor Pascual Ávila wrote:
After some discussion, the following questions come to my mind:
- Do we have clear requirements for e2e verification?
no
- Do we have clear application scenarios?
no
Cullen <with my individual contributor hat on>
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
