> -----Original Message-----
> From: Jiri Kuthan [mailto:[email protected]]
> Sent: Sunday, March 29, 2009 06:38
> To: Audet, Francois (SC100:3055)
> Cc: [email protected]
> Subject: Re: francois' comments and why RFC4474 not used in the field
>
> > So, what can we do? I see 2 possibilities:
> >
> > 1 - Make it end-to-end. This means tackling one by one the problem areas.
> >     Use TURN/ICE instead of relying on SDP payload manipulation. Use
> >     Call-ID and Contact headers that don't reveal topology, etc.
> >
> > 2 - Create a non end-to-end Identity assertion mechanism that is different
> >     from RFC 4474 and more secure than P-Asserted-Identity. I have a
> >     feeling that it won't be trivial. We may have to define the
> >     trust relationship between the ends and the intermediaries.
> >
> > What I was trying to say in the meeting is that for "end-to-end
> > identity", 4474 appears to work. But if the problem we are trying to
> > solve is NOT end-to-end identity, but strong mediated identity, then,
> > let's just say so. It's just a DIFFERENT problem to solve.
>
> Well, I'm afraid that 1 is too complicated to work. Bringing
> TURN/ICE to work is already quite an enterprise, and as much
> success I wish to it, I would be careful and avoid dependency
> on it (which is generally a good protocol design practice anyhow).
>
> 2 is then probably the safer direction to me. The point is really that
> RFC4474 is not having as broad applicability as we have
> hoped, and leaving SIP without Identity is going to be
> real-time irritating, compared to convenience of Email's
> off-line irritation.

1 is definitely difficult to implement. However, I'm quite afraid
that 2 is actually worse...

> Some of the RFC 4474 applicability limitations could be
> lifted by reducing its integrity protection scope. I'm not
> sure how popular will it be then (some have had different
> opinions on adoptability of things relying on CA) but it
> seems worth trying.

My fear is that by doing so, we will not do something that
will be substantially better than P-Asserted-Identity.

But like you said, it may be worth trying.
