Re: [Sip] II digit & Calling Name

["Henning G. Schulzrinne" <hgs@cs.columbia.edu>]

> The privacy draft, to some degree, is inconsistent with the caller
> preferences spec in this regard. For example, one of the rpi-id-types is
> "return", which is more like the Contact, in that its a "device" address,
> not a user identity.

My interpretation was that this was more of a logical address rather
than a device address, similar to the 'reply-to' header in email. For
example, you could imagine that you want all future calls (not
transactions within the call) to sales critter S to always go to
sales@example.com. (Or the example given in the spec, of providing an
800# for return calls in outgoing calls.)

If this difference is indeed correct, I believe it would be helpful if
the authors could clarify the call vs. transactions-within-call
distinction.

> 
> One might also argue that, if you want to allow the network to provide and
> validate a user identity, then you might want the network to provide and
> validate a device identity (i.e., the Contact). This would argue for the
> equivalent of remote-party-id for Contact. To be honest, I never understood
> why we didn't have the header called Auth-From, and now we might want to
> think about Auth-Contact.....
> 

It seems pretty clear that the privacy draft makes rather traditional
assumptions about the network architecture, for example, that the entity
doing the identity checking is implied and requires no identification.
However, without cryptographic authentication of the verifier, it's not
clear how useful this whole scheme is outside tightly constrained
network architectures and rather old-fashioned trust relationships.


-- 
Henning Schulzrinne   http://www.cs.columbia.edu/~hgs

_______________________________________________
Sip mailing list
Sip@ietf.org
http://www.ietf.org/mailman/listinfo/sip