Security considerations about MSISDN.
marcoscaceres opened this issue · comments
Marcos Cáceres commented
The spec says:
However, the user agent MUST NOT use the MSISDN as the telephony service id.
This should be in the security and privacy considerations section of the spec, and it should be expanded to explain why it would be a bad thing to do that.
Zoltan Kis commented
It is not for security reasons, but because it cannot guarantee uniqueness. We discussed this topic on the F2F.
Marcos Cáceres commented
Ah, ok. Will add that :)