> -----Original Message----- > From: Adam Roach [mailto:[EMAIL PROTECTED] > Sent: Thursday, July 31, 2008 2:51 PM > To: Dan Wing > Cc: 'Dean Willis'; 'SIP IETF'; 'Adam Uzelac' > Subject: Re: [Sip] Alternative SIP Identity Approach (was re: > Thoughts on SIP Identity) > > On 7/31/08 2:38 PM, Dan Wing wrote: > >> Here's the problem... if I trust a B2BUA, it doesn't > necessarily mean > >> that I'll trust everything it trusts. If Bob's UA is going > to make an > >> informed choice, we need it to be able to examine a chain of > >> custody for the identity, at the very least. > >> > > > > The chain would be good, but I would be happy with the first link: > > who (claims to have) injected the message into the SIP > network. Even > > if the message transited over some itty-bitty ITSP in a > country I had > > never heard of, it wouldn't matter if I could verify the identity of > > who injected the message into the SIP 'cloud'. > > > > Sorry, I was a bit unclear. When I talk about this "chain of > custody," I > mean everything that has performed an action that would invalidate a > 4474 signature; everything that has had to re-sign something. > Those are > the actions that require a level of trust. As long as the ITSP you > mention doesn't change 4474-protected fields, I don't care > who they are.
Oh, so something like: "The original list of codecs was G.729,G.711" and to convey it in such a way that I could re-insert G.729 and validate the original 4474 signature? And something like "The original m/c line was 1.2.3.4/5678"? -d _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
