[asterisk-users] why is CLIP(CallerID presentation) facility charged?
Raj Jain
rj2807 at gmail.com
Wed May 28 03:00:37 CDT 2008
On Wed, May 28, 2008 at 1:26 AM, Benjamin Jacob <ben4asterisk at yahoo.com> wrote:
> My q : Why is the Caller ID presentation facility charged? What's the big deal in providing it? Coming from the SIP/VoIP domain, all I see is setting the From(typically)/ Presentation fields, which more often than not, any self-respecting provider would set.
Leaving aside the why-it's-charged question, I can say that in a SIP
world presenting the caller-id is not the same as presenting the
contents of the From: header to the UAS. The UAs themselves generate
the From: header and that is what makes it the most unreliable and
unsecure source of caller-id.
To combat this problem, people came up with the Remote-Party-ID:
header and then the P-Asserted-ID: (RFC 3323) header. These headers
allowed a domain's authoritative proxy to insert the user's correct
identity in the message. But, these were deemed not secure and that's
when SIP-Identity (RFC 4474) came about, which allows a SIP proxy to
insert a user's cryptographic identity in a message and also sign it.
If the "last-mile" SIP provider were to render such a caller-id to the
UAS, there is *work involved* in decrypting the caller's identity and
authenticating the source that signed it.
--
Raj Jain
More information about the asterisk-users
mailing list