Jiri, It is well-known that I am not comfortable that we have a **deployable** solution for preventing From URI spoofing. The reason it is not deployable is because of B2BUAs, and to some extent because of E.164-based URIs and the way they are handled in practice. Furthermore there are issues with PSTN interworking, but we can't do much about that.
I have tried to articulate these issues by means of several I-Ds over the last year or so, but capturing a "problem statement" acceptable to all seems to be an elusive goal. The reason seems to be that if I describe the problem in a certain way (e.g., B2BUAs break the RFC 4474 signature), people say "but we can get round this by doing A", so the problem statement has to be extended to say why A doesn't work, and then people say "but you can get round it by doing B", so the problem statement has to be further extended to say why B will not work, and so on ad infinitum. So I would welcome any other attempts to write the problem statement. John > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Jiri Kuthan > Sent: 20 November 2008 23:53 > To: [email protected]; Cullen Jennings > Subject: [Sip] scope of derive > > I'm just wondering, if folks could help to explain me this: > apparently when I asked if people in the WG feel safe about > IETF's mechanisms deployable to prevent spoofed From, nobody > spoke up. At the same time, there were some who felt that > we don't have a problem statement. I would be thankful if > representatives of the latter group could share with me > what is the missing piece here to state a problem. > > Thank you very much indeed, > > -jiri > > p.s. the other aspects such as B2BUA traversal is IMO very > orthogonal and is to be ellaborated on in a seprate document. > > _______________________________________________ > Sip mailing list https://www.ietf.org/mailman/listinfo/sip > This list is for NEW development of the core SIP Protocol > Use [EMAIL PROTECTED] for questions on current sip > Use [EMAIL PROTECTED] for new developments on the application of sip > _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
