On Dec 10, 2008, at 5:46 PM, Jiri Kuthan wrote:
If I start getting nuisance rings, I might want to turn on null-
auth so that I at least have a traceback to a responsible IP
address so that I can send the lawyer-ninjas after somebody. In
this context, what does DERIVE give me that a null-auth doesn't?
just to be safe -- are you referring to
http://www.cs.columbia.edu/sip/drafts/sip/draft-schulzrinne-sip-null-00.pdf?
Yes, that's the one.
We need to distinguish exactly which likely cases DERIVE might work
against that null-auth doesn't; this becomes part of the "threat
model" that is needed to get past the security droids.
--
Dean
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
