
Re: [Sip] Signing P-Asserted-Identity




On Jul 13, 2008, at 12:00 PM, Hadriel Kaplan wrote:



-----Original Message-----
From: sip-bounces at ietf.org [mailto:sip-bounces at ietf.org] On Behalf Of Adam Roach

The way to get identity through B2BUAs is to have them *be* back-to-back USER AGENTS. They demonstrate to a 4474 signer (which may be colocated with the B2BUA) that they are authentic agents of the signer's domain, authorized to assert the identity in the "From" header field, and all the 4474 goo can be added just fine.

That would work if and only if the B2BUA owned a cert of the same domain as the From they changed it to. That is actually not the case in practice, even when the From is an E.164. It would also not work if the From was not an E.164, since they can't go changing sip:adam at nostrum.com to sip:adam at garden.eden.com, for example.

No, but garden.eden.com could sign an identity header with a From: of adam at nostrum.com.

Would a recipient trust it? Why would you trust anything that was mangled by a B2BUA in the first place? If you trust the operator of the B2BUA, then trusting the re-signed identity seems just as reasonable. The good news is that this lets people who DON'T trust the operator of the re-signing B2BUA know that the call has been mangled.

--
Dean
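
Added example, not part of the original message: a sketch of the recipient-side policy discussed above, where a valid signature from a domain other than the From domain marks the request as re-signed by an intermediary. It assumes signature and certificate-chain validation happen elsewhere and that `signer_domain` was read from the signing certificate; the function names, the trust list and the sample request are constructed for illustration.

```python
import re

# Assumption: intermediaries whose re-signing this recipient chooses to trust.
TRUSTED_RESIGNERS = {"garden.eden.com"}

# Constructed sample request (headers only); not taken from the thread.
SAMPLE = "\r\n".join((
    "INVITE sip:bob@example.net SIP/2.0",
    'From: "Adam" <sip:adam@nostrum.com>;tag=1928301774',
    "To: <sip:bob@example.net>",
    "Identity-Info: <https://garden.eden.com/cert>;alg=rsa-sha1",
    "", "",
))

def from_domain(sip_message: str) -> str:
    """Return the host part of the From header URI (long or compact form)."""
    for line in sip_message.splitlines():
        if not line.strip():
            break  # a blank line ends the header section
        name, _, value = line.partition(":")
        if name.strip().lower() in ("from", "f"):
            m = re.search(r"sips?:(?:[^@>;\s]+@)?([^:;>\s]+)", value, re.I)
            if m:
                return m.group(1).lower()
    raise ValueError("no usable From header")

def classify(sip_message: str, signer_domain: str, signature_ok: bool) -> str:
    """Decide how much the signed identity tells the recipient."""
    if not signature_ok:
        return "reject"
    signer = signer_domain.lower().rstrip(".")
    if signer == from_domain(sip_message):
        # The domain that owns the From address vouches for it.
        return "asserted-by-from-domain"
    if signer in TRUSTED_RESIGNERS:
        # Altered in transit, by an operator this recipient trusts.
        return "resigned-by-trusted-intermediary"
    # Altered in transit by someone else: the mismatch itself is the signal.
    return "resigned-by-untrusted-intermediary"

if __name__ == "__main__":
    for domain in ("nostrum.com", "garden.eden.com", "other.example"):
        print(domain, "->", classify(SAMPLE, domain, True))
```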


