Re: [Sip] Alternative SIP Identity Approach (was re: Thoughts on SIP Identity)

[Hadriel Kaplan <HKaplan at acmepacket.com>]

> -----Original Message-----
> From: sip-bounces at ietf.org [mailto:sip-bounces at ietf.org] On Behalf Of Dan
> Wing
>
> The chain would be good, but I would be happy with the first link:
> who (claims to have) injected the message into the SIP network.  Even
> if the message transited over some itty-bitty ITSP in a country I had
> never heard of, it wouldn't matter if I could verify the identity of
> who injected the message into the SIP 'cloud'.

That was kinda my thought for the P-Asserter draft - as much as preventing all mitm cases would be great, not having anything is far worse.  Most of my customers don't care about preventing mitm for identity; if there's a malicious mitm, wrong identity is the *least* of their problems.  What they care more about (I think) is lying originators, open relays, and the like.

In other words they want to prevent SPAM and Phishing and such.  Having a proof of signaling originator Identity alone (ie, the From or something similar) with replay protection and non-repudiation is sufficient for them - they don't need SDP identity, or Call-Id Identity, or CSeq Identity.

-hadriel
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip