Elwell, John | 1 Apr 2009 12:33

Re: Media vs Signaling identity (was Re: francois' comments and why RFC4474 not used in the field)


> -----Original Message-----
> From: sip-bounces <at> ietf.org [mailto:sip-bounces <at> ietf.org] On Behalf Of Victor Pascual Ávila
> Sent: 31 March 2009 11:07
> To: Jonathan Rosenberg
> Cc: SIP List
> Subject: [Sip] Media vs Signaling identity (was Re: francois' comments and why RFC4474 not used in the field)
> 
> On Tue, Mar 31, 2009 at 4:12 AM, Jonathan Rosenberg <jdrosen <at> cisco.com> wrote:
> > inline:
> >
> > Jiri Kuthan wrote:
> >
> >
> >>> From an end user perspective, I would assert that the most important
> >>> thing is probably the media. If the callerID says, "this is bob", what is
> >>> important to the user, is that when I pick up the phone and start talking,
> >>> it will be Bob who hears me, and Bob that I hear.
> >>>
> >>> Consider this litmus test:
> >>>
> >>> If the signaling actually came from Mary (perhaps as a third party), but
> >>> the media goes/comes to/from Bob, who should appear on the caller ID? I say
> >>> - Bob.
> >>
> >> There is a timing aspect in favor of placing identity in signaling --
> >> I would like to know whose call is ringing before I answer (if I do).
> >
> > You can still have that. Just don't ring the phone until early media has
> > been exchanged and verified. Indeed if you were doing an ICE-style thing per
> > Dan's draft, you'd get that for free.
> 
> Are we restricting the identity assertion to telephony-like sessions?
> 
> IMHO, identity assertion should also work for the following scenarios
> (among others):
> 
> -rfc3725, figure 1, message 1 (INVITE no SDP): Upon receipt of the
> initial INVITE (note there's no session description at all), "A"
> decides to authorize or reject the call based on the delivered
> identifier.
> 
> -rfc3428, figure 1, message 2 (F2): "user2" decides to answer or
> ignore the message based on the delivered identifier.
> 
> -rfc3515, example 4.1, message 1 (F1): "agent B" decides to accept or
> reject the refer based on the delivered identifier
> 
> -Any other application based on white/black lists (where the identity
> verification must happen before accepting a request).
> 
> 
> While "signaling identity" seems to be a common denominator, I'm not
> sure about the role of "media identity" in the above listed scenarios.
> Any clarification will be appreciated.
[JRE] These too are valid situations where the identity needs to be authenticated. Where media is
involved, however, there is an additional problem of authenticating the media, and if the media is bound
to the signalling, a solution for authenticating the signalling would also authenticate the media. So we
either need a solution for authenticating both signalling and media together (e.g., by authenticating
the signalling, the media too gets authenticated) or we need separate mechanisms. Clearly the former
would be preferable.

John

> 
> Cheers,
> -- 
> Victor Pascual Ávila
> _______________________________________________
> Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol
> Use sip-implementors <at> cs.columbia.edu for questions on current sip
> Use sipping <at> ietf.org for new developments on the application of sip
> 