[VOIPSEC] Truths on "Truth in Caller ID Act"
John Osmon
josmon at rigozsaurus.com
Thu Oct 5 22:41:18 CDT 2006
On Thu, Oct 05, 2006 at 11:08:05AM -0400, Geoff Devine wrote:
> I see this as a trust federation. [...]
I like this trust federation idea. But I also want to be able to
use a non-trusted channel of communication, and use other means
to establish trust (either in-band, or out-of-band).
In reality, those other means will also be used by security concious
types even when they use the trusted channels. They will understand
that the truth federation can be spoofed in some fashion (although it
may be more difficult to do than the ANI/CLI spoofing that started
this conversation).
More than anything, I'd like to ensure that the federation of trust
(whatever its form) is *NOT* mandated by govenment. Let providers
decide whether or not to implement it. I'll choose a provider
that works with the standards I care to use.
More information about the Voipsec
mailing list