> -----Original Message----- > From: Michael Thomas [mailto:[EMAIL PROTECTED] > > > Meaning that it's far from clear how fledgling reputation services are > going to use these identities. What exactly does a signed P-A-I mean > even if we had one? What might a receiver or third party do differently > vs. a signed from, say? Especially when you factor in that P-A-I is > big smelly hack?
Yes, another elephant. :) A PASS-signed PAI means the asserter generated it for this message. Right now we have multi-domain exchanges of SIP messages with PAI header fields being used for caller-id. I don't know what-all a receiver might do with the signed information (though I could guess). I am only offering to give it more information. Some folks are telling me they would like to know that the caller-id is legit. I can't. I can only tell them that a node which generated a caller-id also owns a cert from a CA they trust, so they have some recourse if it ends up being wrong. I have no (practical) way to verify the caller-id directly. (And neither does 4474 or DKIM) > Waiting-and-seeing what the reputation folks actually need versus guessing > what they might need, maybe, someday seems prudent to me. That's > doubly true because there's not been much if any uptake of 4474 and > I'm guessing that lack of coverage of P-A-I is not one of the reasons. > Concentrating on _that_ problem seem to me the paramount concern. There has not been any uptake of 4474 for a bunch of reasons, not the least of which is there's no problem yet, and for some/many cases we know it won't work. I have no doubt a PASS signature is not the be-all-end-all solution. But I do know it takes years to get something spec'ed, implemented, tested, and deployed in any scale that will matter. So I'm trying to do a short-cut, instead of waiting for a problem: thus, an informational P-header. -hadriel _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
