On 1/20/2006 7:45 PM, "Suresh Venkatraman" <[EMAIL PROTECTED]> wrote:
>> SIP presently has means to 'prove' the identity of the calling party sip
>> identity [1] which supplies a new header (and some hash/signing). While it
>> is presently in ID, it is headed to RFC editor queue.
>>
>> It would be for the SIP WG to draft a binding of 'dix' with sip-identity,
>> IMHO. At least for the purposes laid out in the above use case.
>
> It's in the draft "Enhancements for Authenticated Identity Management in the
> Session Initiation Protocol (SIP)". It assumes identity is defined for SIP,
> but is not cryptographically secure.

Which is true. SIP (without mechanisms such as SIP-identity) suffers the same
authentication problems email does. Specifically, the ability for the UAC to
forge the 'From' header.

>
> The draft is of course motivated by a need for authenticating identity but I
> worry about yet another separate but incompatible scheme for SIP. There is
> also a proposal to bind SAML to SIP titled "Using SAML for SIP".

I am not suggesting a new scheme for SIP, others were suggesting SIP as
another target transport. SIP-identity/SIP-SAML are there now. As I stated, it
would be up to the SIP WG to determine if adding a 'dix' mechanism is a 'Good
Thing' or not.

>
> Some future DIX binding for SIP will help add to the confusion.

Yep. So we leave it up to them.

>
> <sarcasm>
> Of course it's par for the course to throw everything under the sun into
> SIP. And the charter actually states simplicity as its goal... I can't wait
> until every application or network WG has its own version of identity, none
> of which will interoperate.
> </sarcasm>

;-)

=peterd
