[VOIPSEC] spam and enum
styagi at sipera.com
Fri Sep 1 08:09:05 BST 2006
Hi Dan, Simon,
Digressing little bit from discussion here ...
I don't see how authentication solves the SPAM problem.
The reason we have e-mail spam is because it is easy to automate, free etc. (signup for thosands of e-mail accounts, some of the email servers use domain certificates etc but does not help much)
Once SIP services become free and easy to automate (think free skype out with SDK available to automate it and automated ways to signup for accounts, same available for SIP)
Unless I block out all unknown/first time callers or something
Am I missing something.
Dan Wing <dwing at fuggles.com> wrote:
> No but why call it end to end when you don't really do end to
> end anyway? Why call it SIP identity when the UA's involved don't
> actually identify themselves to each other.
"SIP Edge Identity" could perhaps be a more accurate title.
> Why have the
> baggage of reverse authentication when perhaps for your intended
> purpose you don't need it.
If by 'reverse authentication' you mean the identity of the called
party, SIP-Identity doesn't provide the identity of the called party --
rather, it only identifies someone sending a request (such as an
Invite). That is usually only the calling party. One way to get
sip-identity to identify the called party is for the called party to
send a request, and have that request signed by their sip-identity
agent. draft-ietf-sip-connected-identity-01.txt suggests doing that.
> Why don't you just use TLS and then you get a secure
> signalling channel too.
The existence of NATs, firewalls, and SBCs precludes opening a TCP
connection directly with each other.
Voipsec mailing list
Voipsec at voipsa.org
More information about the Voipsec