Dan,
Thanks for writing this. As (John?) said, this subject has been
discussed before, but I don't think it was ever put in the form of a
draft - which gives it a bit more tangibility.
A few observations about the draft:
- I think the key here is not the details about the form of
presentation. Rather it is a matter of boiling down all that
may, or may not, be available in protocol exchanges into
some simple concepts that can be expected to be presented to
end users. The chanllenge is coming up with concepts that we
believe are capable of being presented on a wide variety of
devices, and that are capable of being understood by most
users.
- Your concern over the meaning of the indicator - that it
isn't about the media - is a real one. I think we need to
consider the variations that are possible, and how to
indicate them without getting confusing. If it is only the
"callerid" that is secure, then IMO the ideal way to indicate
that is to annotate the callerid display itself. This could
be some sort of icon as part of that display. Or it could be
done with color - green for trusted id, red for untrusted.
(Yellow for id from PSTN?)
The above solves the problem you are concerned about for
local conferences. If you can see the identity of each
party then you can see whether each is trusted or not.
In cases where the media is also secure some other sort of
indicator is needed. But providing this kind of information
in a way that can be understood by everyone is a challenge.
It gets even worse when when there are multiple media in
the call, because they may not all have the same security.
I do think it would be well worth the time of the group to work on this.
We keep working on security mechanisms. But it is far from clear that
any of them have much value unless that can be reflected to the user in
some comprehensible way. Starting with what needs to be displayed, and
then working backwards to what is needed to drive that display, may be
helpful.
Thanks,
Paul
Dan York wrote:
So after writing my response to Paul Kyzivat's response to Cullen, I
thought about it some more and realized that I ought to collect those
thoughts into an I-D, which I have now submitted. I did so primarily
because I haven't really seen discussion of the end user's *experience*
of working with "trusted identity" (if I missed such a discussion,
please feel free to point it out to me). To the person using a SIP
phone to call another SIP phone, how do they know that they can trust
the identity of the caller on the other end? If we solve the various
issues we are discussing related to RFC 4474, P-A-I, etc., what might
the end user experience look like?
As I note in the draft, it's not entirely clear to me that the IETF is
the appropriate body to address this question. It's more of a "user
interface" question that is more about how to have users adopt/accept a
SIP feature and feels to me like it's something more appropriate for a
more vendor-centric "industry consortium" type of entity. Something
like the SIP Forum or some other similar entity. I'm certainly open to
comments and feedback along those lines... In the meantime, I thought
I'd at least throw something out there for discussion.
Thanks,
Dan
A New Internet-Draft is available from the on-line Internet-Drafts
directories.
Title : The Importance of a Visual Identifier of Trusted
Identity
Author(s) : D. York
Filename :
draft-york-sip-visual-identifier-trusted-identity-00.txt
Pages : 9
Date : 2008-07-07
This document discusses the need for a visual identifier in Session
Initiation Protocol (SIP) endpoints to indicate to the end user that
they are speaking with someone whose identity is trusted.
A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-york-sip-visual-identifier-trusted-identity-00.txt
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
