Dean Willis wrote:
[snip]
We're at a decision point here -- do we follow RFC 1984 to the fullest
extent and design a secure protocol that will have limited
applicability, or do we design a protocol with broader applicability
that has explicitly negotiated key sharing?
I don't want to see sip relegated to specialty applications and excluded
from most common usage.
Having the key disclosure explicit to the UAs seems a better. I guess
one might ask why a UA would ever agree to disclose its keys, but the
answer clearly is that it might do so if it has no other option that
allows making the call.
If it is explicit to the UA, then the UA can indicate to the user that
the key has been disclosed for this call. (This is another aspect of the
"lock icon" discussion that is still lurking out there.) Having an
indication that the call is *eligible for LI* is different from knowing
that it is being intercepted. It had better be legal to disclose that.
Calls via phones that are directly connected to a carrier would always
indicate they are eligible for LI, so it might not be a very interesting
datum. But phones connected to corporate systems might be subject to LI
only for calls routed via a carrier, not for internal calls. So the
indicator could be useful for deciding what to discuss or not discuss.
Thanks,
Paul
_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
