I have more to say here (sorry), but one thing leaps out at me:
Dean Willis wrote:
>>> But when the identity assertion is coming from a PSTN caller ID, it's
>>> significantly less authoritative statement: "I, the identity service
>>> at example.com, think that this request came from +12142821376 because
>>> this is the calling party identifier presented to my telephony
>>> interface."
>>
>> Why is this limited to just the PSTN? Given your average megacorp or
>> telephant,
>> the possibility for spoofing of the local part seems pretty significant
>> when you're
>> talking about bulk signers. Weakening the guarantees to "you can
>> complain
>> to my SIP admins" is a lot easier to achieve in real life.
>
> Might be. But we've currently established the expectation that an
> Identity header serves to authenticate the calling party for access to
> confidential records like voice mail, access to conference calls, and
> so on. We can certainly go back and write in some guidance about the
> meaningfulness of the assertion, if that's what we choose to do.
>
Wait a minute: are we talking about cross-domain Identity being
used as credentials to access voice mail in another domain? Because
if it's only within a given domain's administrative control, it can know
the name space layout through out of band means. That is, it can know
if the names that it generates to gateway e.164 addresses are bogus
addresses to get at voice mail, etc.
If it's the cross domain case, can you tell me the use case?
Mike
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
