On Dec 8, 2008, at 11:10 AM, Jiri Kuthan wrote:
> I think DERIVE is a viable approach for spoofing protection and I haven't found
> a convincing argument that would counter that really.

We agree that a negative-DERIVE test means nothing. Therefore, DERIVE
provides no spoofing protection.

What it does do is potentially provide some assurance of non-spoofing.
That's a very different thing.

In short, the default condition for an astute user should be "The
caller ID may or may not be valid". With negative-DERIVE, this doesn't
change.

With positive-DERIVE, the user should think "This caller-ID works for
a return routability check. It is more likely to be valid than if I
didn't have this test, but it might still be faked by a clever badguy".

Otherwise said: Unknown, Claims-to-be, and Can-be-reached-now-at are
the three possible states produced by DERIVE.

Now, how astute do you think your hypothetical grandmother is likely
to be?

At the best, we can get three states to such a user: no ID, not
trusted, and trusted to relatively high level. Those aren't the same
three states that come out of DERIVE. So is it useful to your
grandmother, or just confusing?

--
Dean
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip