[SIPForum-techwg] Spec-T, Trust
Cullen Jennings
fluffy at cisco.com
Thu Feb 12 03:16:39 EST 2009
When discussing the PAI, I think you have to come down on where the
trust boundaries of the Spec-T are or it is impossible for anyone to
deploy in a way that is secure yet still actually work. I suspect that
from a spec-T point of view, you will need to say that the PBX trust
the SP but but the SP does *not* trust the PBX. One you make this
decision, I think you need to relook at who uses the PAI and where and
when then from decide where to insert it.
Keep in mind that many jurastiction will require the SP to support
malicious call trace of anonymous calls. If you skipped over that last
sentence quickly, go read it again, it has bit implication for the use
of PAI.
More information about the techwg
mailing list