search

sysapps / telephony

API to manage telephony calls
16 stars 12 forks source link

Security considerations about MSISDN. #169

Closed marcoscaceres closed 11 years ago

marcoscaceres commented 11 years ago

The spec says:

However, the user agent MUST NOT use the MSISDN as the telephony service id.

This should be in the security and privacy considerations section of the spec, and it should be expanded to explain why it would be a bad thing to do that.

zolkis commented 11 years ago

It is not for security reasons, but because it cannot guarantee uniqueness. We discussed this topic on the F2F.

marcoscaceres commented 11 years ago

Ah, ok. Will add that :)