wg-pic - Re: [wg-pic] From: anti-forgery
Subject: Presence and IntComm WG
List archive
- From: Jiri Kuthan <>
- To: ,
- Subject: Re: [wg-pic] From: anti-forgery
- Date: Tue, 22 Jun 2004 22:54:56 +0200
local SIP server can verify if From content is owned by user identified
by digest identity. Other servers may verify if requests come to them
from IPs of servers whose name is claimed in From. You can do it
today (the formed is available, the latter would take a tiny SER
extension).
In long term, we can do more -- interdomain TLS with credentials for
example. The reverse verification can be more sophisticated too.
On cost of call setup delay, a called phone could send a reverse query
meaning "are you really calling me"? ietf-sip-identify may be
another useful piece in the antispam puzzle. I don't think any of
these is hard to implement with SER -- the harded part is to convince
the operator community to agree on these techniques.
-jiri
At 04:47 PM 6/22/2004, Jeremy George wrote:
> As many of you are aware spam is all but certain to become a serious
>issue in VoIP. Among the key problems is that the From: address is so
>easily forged. This is one of the primary reasons the FCC refused
>recently to create a do not spam list. There is often no viable way to
>trace spam back to its originator.
>
> In PSTN-land the field that is used for billing and traceback purposes
>is called ANI (automatic number identification) and is _not_ user
>accessible. ANI shouldn't be confused with the Caller-Id which can be
>altered. The existence of ANI is what makes do not call lists so useful.
>Callers can be traced and prosecuted, if necessary. In effect, we need
>the equivalent of ANI on the net.
>
> If there were a VoIP mechanism to prevent From: address forgery, we'd
>have a valuable first stop toward stanching the flow of spam.
>Peterson and Jennings have authored a proposal for just such a mechanism.
>http://www.ietf.org/internet-drafts/draft-ietf-sip-identity-02.txt .
>
> I presented on this draft at the recent SIP.edu Implementor's workshop
>but I don't think that SIP.edu'ers feel proprietary about it. There
>isn't an action item for us here, yet, but I thought you might find it
>interesting.
>
> Jiri, have you read it? Would it be hard to implement in SER?
>
>- Jeremy
>
>--
--
Jiri Kuthan http://iptel.org/~jiri/
- From: anti-forgery, Jeremy George, 06/22/2004
- Message not available
- Re: [wg-pic] From: anti-forgery, Jiri Kuthan, 06/22/2004
- Message not available
Archive powered by MHonArc 2.6.16.