Dean Willis wrote: > On Dec 10, 2008, at 5:46 PM, Jiri Kuthan wrote: >>> If I start getting nuisance rings, I might want to turn on null-auth >>> so that I at least have a traceback to a responsible IP address so >>> that I can send the lawyer-ninjas after somebody. In this context, >>> what does DERIVE give me that a null-auth doesn't? >> >> just to be safe -- are you referring to >> http://www.cs.columbia.edu/sip/drafts/sip/draft-schulzrinne-sip-null-00.pdf? >> > > Yes, that's the one.
Presumably null-auth will only work if the perpetrator of the nuisance calls doesn't take advantage of the text: # The client could also provide the Null credentials immediately if # it knows that it has no other credentials, avoiding an extra # round-trip delay. Maybe the null challenge should round-trip a nonce. At least that would show the challenge got back to somewhere useful. Michael _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [email protected] for questions on current sip Use [email protected] for new developments on the application of sip
