Re: [Sip] Thoughts on gateways, user=phone, and the Identity/DTLS-SRTP problem
On Apr 18, 2008, at 6:30 PM, Dean Willis wrote:
>
> On Apr 18, 2008, at 4:38 PM, Ben Campbell wrote:
>
>>
>> On Apr 12, 2008, at 4:00 AM, Dean Willis wrote:
>>
>> [...]
>>
>>> If we made it mandatory for a PSTN gateway to assert identities using
>>> user=phone and documented that Identity headers over an identity with
>>> a user=phone parameter do not assert the "user part" of that identity,
>>> then I think we'd have a complete solution.
>>
>> [...]
>>
>> I think you would need to extend that to be PSTN gateways that do
>> not do some sort of caller authentication. As we discussed
>> separately, it's perfectly possible for a PSTN gateway to require a
>> PIN from a caller, and therefore be able to assert a stronger
>> identity than it could from caller id. In that scenario, would you
>> expect the "user=phone" parameter to apply?
>>
>
> How would you differentiate an authenticating gateway from a
> non-authenticating gateway downstream?
>
That's rather the problem.
My point is, although there is a lot of correlation between "phone
numbers" and "unauthenticated callers", it doesn't always have to be
that way. We also assume that calls crossing non-PSTN gateways will
have better authentication properties, but it doesn't have to be that
way either. Unless we remove all historical meaning from "user=phone",
then using it would codify assumptions that are not necessarily true.
If we decide that we need a way to signal that an identity assertion
is weak, then I think we need a way to do it that is orthogonal to
whether the call originated from the PSTN.
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip