On Mon, 2008-12-08 at 15:49 +0100, Jiri Kuthan wrote:
> Elwell, John wrote:
> > [JRE] The number of negatives will diminish, true, but it will never
> > approach zero, because there will always be negative cases arising from
> > forking, call forwarding, problematic B2BUAs, etc..
>
> indeed.
>
> > So it is a question
> > whether it will get sufficiently close to zero that the odd false
> > negative can safely be ignored. I am rather doubtful.
>
> The question remains: why would like to worry about the negative case
> when we know it has zero information value?? I cannot conceive anyone
> would like to use such non-information and I don't see the point in
> studying it then.
I'll turn that question around: what do you think this really achieves
for the ordinary non-technical phone user?
* Sometimes the phone has an indicator that the caller-id has been
verified.
* Sometimes the phone fails to have that indicator, but
regardless, the caller-id may be correct.
I believe that the false-negatives in the latter greatly diminish the
value of the former, because you still have to answer the phone to find
out if it is who it claims to be.
Further - what part of a caller-id does a phone display? Given:
From: "Scott Lawrence" <[EMAIL PROTECTED]>
what do you suppose a phone will display? For most phones I use today,
it will either be "Scott Lawrence" or "scott", and in any event most
won't have enough characters for a long address. These display
limitations and ambiguities mean that an attacker can trivially create a
return-routable address that will very likely be displayed in the same
way as some other address, so even the positive case can be spoofed as
far as the human user is concerned.
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
