> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean
> Willis
> Sent: Friday, December 05, 2008 12:22 PM
>
> In a third attack scenario, presume the attacker's goal is to
> impersonate a caller, such as the infamous "Radio-Show Sarkozy/Palin"
> calls.
> Here the goal is not necessarily to prevent the call, but to give the
> called party some level of comfort as to the authenticity of the
> caller's expression of identity.
> Indirect return routability checks clearly establish that the calling
> party is sufficiently in-control of the expressed identity as to be
> able to receive calls directed toward that identity. This is better
> than nothing; it can't prove identity, but it greatly decreases the
> probability of a random radio DJ being able to make a prank call.

Actually, I would debate that.  Derive and other return-routability checks have 
the property of: "if I pass then you know I'm good, if I fail then you know 
nothing (neither good nor bad)".   I would argue such a property is only useful 
in voice communications if it passes and provides a positive/"good" result 
*frequently*.

For example, if the odds of Derive passing are low in general, then Palin would 
have had to assume it *was* Sarkozy even if it failed.  Why?  Because she 
assumes it now, with no such checking, and the odds of this thing passing are 
low per the supposition.

Therefore, if we feel the odds of a return-routability check succeeding are low 
in general, it is NOT the case that: "it greatly decreases the probability of a 
random radio DJ being able to make a prank call."

-hadriel
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
