Dan Wing wrote:
However, one of the most predominant models today doesn't work
like this.
A domain is often relying on a third party, a "service provider".
I observed Hadriel's presentation from the very back of the
room. My interpretation is that we lack consensus that there
are intermediate service providers.
Until consensus on that point is reached everything else is
for naught.
I'm worried that "intermediate service providers" is a sort of
scenario which is underplaying the RFC4474 flaw.
The key problem is that RFC4474 is not robust. It ties likely-to-fail
integrity to identity, resulting in identity broken. Integrity is
likely to fail, because regardless of how close the assertion party
is to the verification party, some sort of SDP-changer will be
there. Maybe "intermediate service provider" or an ALG. One can
argue that an ALG has nothing to do there (quite rightfully so)
but relying on such not to be there is just way too brittle.
So I don't think the problem is we are missing a definition of
intermediate service provider. I think we are missing identity
vehicles that have robustness to overcome all sorts of middleboxes.
-jiri
-d
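
The failure mode discussed in this message, as an added example that is not part of the original thread: the RFC 4474 digest-string covers the message body, so a middlebox that rewrites the SDP invalidates the Identity signature even though From and To are untouched. The sample INVITE, addresses and key are constructed, and HMAC-SHA256 stands in for the RSA-SHA1 signature RFC 4474 actually specifies so that the code runs on the standard library alone.

```python
import hashlib, hmac

# Constructed stand-in key. RFC 4474 signs with the domain's RSA key
# (rsa-sha1); HMAC is substituted here so the example runs on the stdlib.
DOMAIN_KEY = b"constructed-demo-key"

SDP = ("v=0\r\n"
       "o=alice 2890844526 2890844526 IN IP4 10.0.0.5\r\n"
       "s=-\r\n"
       "c=IN IP4 10.0.0.5\r\n"
       "t=0 0\r\n"
       "m=audio 49170 RTP/AVP 0\r\n")

INVITE = {  # constructed sample request, reduced to the fields that matter
    "from": "sip:alice@example.com",
    "to": "sip:bob@example.net",
    "call-id": "a84b4c76e66710",
    "cseq": "314159 INVITE",
    "date": "Thu, 21 Feb 2002 13:02:03 GMT",
    "contact": "sip:alice@10.0.0.5",
    "via": ["SIP/2.0/TLS 10.0.0.5;branch=z9hG4bKnashds8"],
    "body": SDP,
}

def digest_string(msg):
    """RFC 4474 section 9 digest-string: six header values plus the body."""
    return "|".join([msg["from"], msg["to"], msg["call-id"], msg["cseq"],
                     msg["date"], msg["contact"], msg["body"]])

def sign(msg):
    return hmac.new(DOMAIN_KEY, digest_string(msg).encode(), hashlib.sha256).hexdigest()

def verify(msg, identity):
    return hmac.compare_digest(sign(msg), identity)

def add_via(msg, hop):
    """A proxy adding a Via header: Via is outside the digest-string."""
    return {**msg, "via": [hop] + msg["via"]}

def alg_rewrite(msg, private_ip, public_ip):
    """An ALG or SBC replacing the media address in the SDP body only."""
    return {**msg, "body": msg["body"].replace(private_ip, public_ip)}

def demo():
    identity = sign(INVITE)
    proxied = add_via(INVITE, "SIP/2.0/TLS proxy.example.com;branch=z9hG4bK77")
    rewritten = alg_rewrite(proxied, "10.0.0.5", "192.0.2.10")
    return verify(INVITE, identity), verify(proxied, identity), verify(rewritten, identity)
```

`demo()` returns the verification result for the original request, the same request after an ordinary proxy hop, and the request after the SDP rewrite.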