The use case where someone dials a number and proves their identity
using a PIN? One thing you mentioned at the bottom of your first
email http://www.imc.org/ietf-rtpsec/mail-archive/msg00751.html is
that "priority call placement use case is similar"; however, it
isn't -- IEPREP isn't requiring someone to connect to a remote
gateway, prove their identity to that remote gateway, and someone
pull that authentication and authorization 'back' into the
originating network. The trouble with such an approach is how
you'd get the access to perform that connection to that remote
resource in order to initiate that authorization in the first
place -- the phone system is overloaded and the more components
of it you involve the more likely you'll find overload.
and Dan was making a case for it too earlier
today.
In my email related to directionality? That was only an idea
to avoid the SDP for directionality.
-d
regards,
Lakshminath
On 6/12/2007 12:46 PM, Eric Rescorla wrote:
At Tue, 12 Jun 2007 12:39:47 -0700,
Lakshminath Dondeti wrote:
Right. So, why not do it?
Because it involves a number of changes in the DTLS model (having
one message happen out of band, having one clienthello elicit
multiple serverhellos, etc.) and nobody has described a compelling
reason to do this.
-Ekr