Richard Shockey wrote:
RS> You cannot authoritatively determine a binding between a phone number
and a consumer (domain) without access to the databases.
The point of ViPR is that the authoritative mapping as you've defined it
just isn't necessary; a forward routability check is all that is really
needed.
Indeed, let us look at email for a moment. How does one know that
"jdrosen(_at_)jdrosen(_dot_)net" authoritatively maps to me? In reality the only
authoritative source for this is the databases at jdrosen.net which
contain credentials that are bound to me. However, those are
inaccessible to the rest of the world. Instead, one can check if
jdrosen(_at_)jdrosen(_dot_)net routes to me by sending me an email with some kind
of secret, and if I can prove I know that secret, you know that I'm
jdrosen(_at_)jdrosen(_dot_)net(_dot_) This forward routability check is the foundation
for vast amounts of web security and identity, and that same principle
is applied here for phone numbers.
Do you argue that we should stop using these forward email routing
checks in the web?
-Jonathan R.
--
Jonathan D. Rosenberg, Ph.D. SkypeID: jdrosen
Chief Technology Strategist Mobile: +1 (732) 766-2496
Skype SkypeIn: +1 (408) 465-0361
jdrosen(_at_)skype(_dot_)net http://www.skype.com
jdrosen(_at_)jdrosen(_dot_)net http://www.jdrosen.net
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf