Adam Roach wrote: > On 11/20/08 1:40 PM, Cullen Jennings wrote: >> >> Would be really interesting to see how the deployed border security >> devices allowed or disallowed subscribes to the dialog-event. > > > Perhaps, but I don't think we can hang on that. If there is market > value for the work we do, they'll catch up. If there isn't, they > won't. They serve business purposes -- which is both what makes them > so ridiculously infuriating as well as what makes them highly likely > to accommodate any specifications we product which have real-world > utility. > > /a
I'm not convinced we can paper over that problem so easily. There is a tradeoff here in terms of business value for implementing the feature versus increased risk of allowing the subscribes. We are not talking about some small benign event package specifically designed for this problem - we are talking about the mighty dialog event package. Once you start allowing subscribes for this through into your corporate network, you are only a minor bug or two away from a very embarrassing leak of information. Even if your border gateway sees what it considers to be a completely reasonable and well-formed SUBSCRIBE (by whatever means it chooses), you still need to trust the terminating UA[1] to correctly act upon the filter, and not start a long-lived subscription to leak information about all calls made in the next hour or so. Not everyone will see the tradeoff the same way, but there is a reasonably compelling case to say that leaking your CEO's call history isn't a reasonable price for helping someone else's screening technique say 'yes' rather than 'maybe'. I, like Cullen, would be interested to see how deployed border security devices react to subscribes to the dialog event package. Best regards, Michael [1] This includes your CFO's really old phone that can't be upgraded, because the last time it was touched, all the speed-dials for the accountants were lost. It also includes your CTO's phone that is so new and shiny it hurts. It downloads the latest firmware before the vendor has even marked it as alpha. Needless to say, both phones take a somewhat idiosyncratic view of SIP. _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
