Re: [Sip] comments on draft-ietf-sip-dtls-framework

Cullen Jennings <fluffy@cisco.com> Mon, 03 December 2007 06:00 UTC

From: Cullen Jennings <fluffy@cisco.com>
Subject: Re: [Sip] comments on draft-ietf-sip-dtls-framework
Date: Sun, 02 Dec 2007 21:58:45 -0800
To: "Elwell, John" <john.elwell@siemens.com>
Cc: IETF SIP List <sip@ietf.org>

I agree that if a device is going to have much usefulness in  
indicating that media is encrypted, it also needs to say who it is  
from so one can determine that it is not from the MiTM.

Cullen <with my individual contributor hat on>



On Nov 26, 2007, at 11:28 PM, Elwell, John wrote:

> The point is, when showing the padlock icon to say that a call's media
> are secured, it needs to be accompanied by a display of the domain to
> which it has been verified to be secure. The same way that when I go to a
> secure web site I can see the URL and, if I desire, view the
> certificate. For SIP, this should be true whether the user-ID within
> that domain is a phone number or not.
>
> So if I make a call to somebody in example1.com, I would expect that to
> be shown and not something like MitM.net.
>
> John
>
> > -----Original Message-----
> > From: Jonathan Rosenberg [mailto:jdrosen@cisco.com]
> > Sent: 27 November 2007 00:20
> > To: Paul Kyzivat
> > Cc: Cullen Jennings; IETF SIP List; Elwell, John
> > Subject: Re: [Sip] comments on draft-ietf-sip-dtls-framework
> >
> > inline:
> >
> > Paul Kyzivat wrote:
> > > John,
> > >
> > > I agree with your analysis. And yet in many contexts there is a strong
> > > desire to display "phone numbers", because of custom and limitations of
> > > protocols and devices. So there is a tendency to coerce a sip URI into a
> > > phone number whenever it looks like that can be done.
> >
> > It's more than a rendering problem. The identifier is meaningful for
> > security because the person on the receiving end of the call can tie it
> > to a user - the one that they know has been assigned this identifier. And
> > thus, they can be assured that, when they answer the phone, they know
> > the user that is calling (let us put aside issues when someone else uses
> > my phone to make calls).
> >
> > The root issue is that FUNDAMENTALLY, phone numbers are not scoped
> > within a domain. For this reason, the mapping that exists in people's
> > heads from identifiers to users is of one of two forms:
> >
> > "user@domain" --> some person
> > "1 (408) 902-5000" ---> some person
> >
> > So, even if your user interface could render the fact that the call was
> > from sip:14089025000@somedomain.com, I believe that users would anyway
> > ignore the domain part since there is no domain part for phone numbers.
> >
> > -Jonathan R.
> >
> > --
> > Jonathan D. Rosenberg, Ph.D.                   499 Thornall St.
> > Cisco Fellow                                   Edison, NJ 08837
> > Cisco, Voice Technology Group
> > jdrosen@cisco.com
> > http://www.jdrosen.net                         PHONE: (408) 902-3084
> > http://www.cisco.com
> >
> >
> > _______________________________________________
> > Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
> > This list is for NEW development of the core SIP Protocol
> > Use sip-implementors@cs.columbia.edu for questions on current sip
> > Use sipping@ietf.org for new developments on the application of sip
> >
>

