> -----Original Message----- > From: Theo Zourzouvillys [mailto:[email protected]] > Sent: Saturday, March 07, 2009 4:26 PM > > hmm, the above paragraph could almost have been talking about > AOL/compuserv vs a "real" ISP 15 years ago :-)
Indeed. :) And email has been getting less spam and phishing and viruses ever since. And email has an even stronger architecture for security than SIP in some ways, ironically. And less impact on the user-experience when it fails. In many ways SIP's user-experience model is closer to IM than email, but with some worse security properties. (and it's debatable if one would call IM "open", or end-to-end) But even in that context of closed vs. open, you find web hosts having to employ strong and stronger means of user authentication, such as captcha's, and connection-layer security, such as TLS. If the open SIP providers don't employ some counter-measures for spoofing, user authentication, and service control, then they will when the issues crop up. (if they have enough users to make attacking them interesting, which is the big "if") But anyway, that's why I want a SIP Identity mechanism that actually works, fwiw. -hadriel _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [email protected] for questions on current sip Use [email protected] for new developments on the application of sip
