On Apr 12, 2008, at 4:16 AM, Dean Willis wrote: > I think at least one carrier has gotten a workaround in place to > user caller-ID as an authenticator, but only when the call is > originating from a mobile in their network and they've handled the > GSM authentication themselves.
Actually, I was contemplating an argument that we should just establish a best current practice that says one should never trust a phone number, even if it includes a 4474 signature, and that we didn't need to put anything in the message to indicate that. But you've just brought up an edge case where someone could really sign a phone number and mean it, that is, if the gateway is controlled by the authenticating carrier, it could have some out of band way of knowing about said authentication. and could in fact trust the callerid with reasonable strength. Therefore, the fact that the From header contains a tel (or user=phone) URL is not sufficient to for the receiver to infer the authentication strength. _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
