[Dundi] [RFC] GPA accountability/recourse and potential protocol addition

[Mark Spencer]

> Yes, I originally considered proposing that, because it is proactive rather 
> than reactive. However, the SIP protocol does not support it, and IAX doesn't 
> either, although it could be extended to do so.

Au contraire, IAX does support public key authentication.

> It has a bigger problem, though: I don't have the EIDs and public keys of 
> every peer on the network, and it cannot be sent by the peer during the call 
> setup (at least the public key can't), or it would be untrusted. That means 
> you have to have some other means of obtaining the public key for a given 
> EID, which requires either the other peers to provide that to you on request, 
> or there would have to be some sort of "key servers" that would provide them. 
> DUNDi is trying avoid that sort of centralization :-)

The general idea here is that you would obtain the key by going through 
your directly trusted peers.  We cannot technologically prevent fraud, but 
it may be possible to improve the protocol in such a way as to make the 
tracing of fraudulent calls easier.

> Also, I don't want to have to issue a request into the network to obtain the 
> public key for a given EID whenever I get a call from them; that will 
> drastically increase call setup time.

Right, this would also have to be addressed.  Maybe it's not even the 
public key but something else.

Mark