On 7/31/08 2:38 PM, Dan Wing wrote:
Here's the problem... if I trust a B2BUA, it doesn't necessarily mean
that I'll trust everything it trusts. If Bob's UA is going to make an
informed choice, we need it to be able to examine a chain of
custody for the identity, at the very least.
The chain would be good, but I would be happy with the first link:
who (claims to have) injected the message into the SIP network. Even
if the message transited over some itty-bitty ITSP in a country I had
never heard of, it wouldn't matter if I could verify the identity of
who injected the message into the SIP 'cloud'.
Sorry, I was a bit unclear. When I talk about this "chain of custody," I
mean everything that has performed an action that would invalidate a
4474 signature; everything that has had to re-sign something. Those are
the actions that require a level of trust. As long as the ITSP you
mention doesn't change 4474-protected fields, I don't care who they are.
/a
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
