On Apr 21, 2008, at 7:54 AM, Paul Kyzivat wrote: > >> Here's the scenario: Alice sends an INVITE to Bob. Charlie sees it, >> and fakes a 200 OK response to Alice before Bob can respond. >> Unlikely? Not in a P2PSIP world. > > Thats clearlhy a bad case. If it can be distinguished from the > others then great.
It is distinguished by the facts 1) that the respondent Charlie cannot present credentials for the called party Bob, and 2) Alice received no authentic instruction from Bob about the retargeting. SIP today works because our proxies are generally trustworthy and we have TLS to make sure we're talking to the proxy we think we're talking to. P2PSIP proxies cannot be trusted to that extent, and therefore we don't get the same benefit from TLS. > > However its not entirely clear to me that this is conceptually > different from Bob being offline and having asked Charlie to answer > calls for him. > It is not different in today's protocol spec. That's the problem -- it should be. >> If Bob forwards his phone to Charlie, Alice needs to see something >> signed by Bob or somebody authoritative for Bob that says the call >> is being redirected to Charlie before accepting a response from >> Charlie. > > I agree this would be a good thing. It doesn't have to be the 3xx > response. Correct. There have been other proposals, such as a reliable provisional informing Alice that an authorized proxy has retargeted the call to Charlie. This isn't hard -- it takes only a new response code and minor mods to RFC 4474. Or it could be done with no new extensions using an accept/refer/disconnect model. > >>> I can see the value of being able to specify that I want to speak >>> to a certain person and no other, but I think I wojuld only want >>> to use it on rare occasions. >> I bet you'll want to use it on every call. You just don't know it >> yet. > > There are just too many cases when I don't know who will be expected > to answer the call. You seem to be assuming that all phones are > personal phones. For every phone I call, there is somebody I expect would be authoritative for that call. For example, if I call a Lufthansa call center to book a ticket, I expect that the party I reach will be able to authentically claim to represent Lufthansa. > > >>> BTW, when it does matter to me I would prefer to restrict who >>> actually answers the phone, rather than just which phone rings. >>> But I don't see much likelihood of that any time soon. >> You have no choice about who answers. What you have a choice about >> is which answer you will accept as valid. > > I want the one with the real Dean Willis talking, regardless of what > AOR was used to reach it. (Assuming there *is* a real Dean Willis.) I may not be available. Would you rather reach the person I've authorized to handle my calls in my absence, or some random stranger? I suppose that's a personal choice ;-). -- Dean _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
