A New Internet-Draft is available from the on-line Internet-Drafts directories.
Title : TLS sessions in SIP using DNS-based Authentication of
Named Entities (DANE) TLSA records
Author(s) : Olle E. Johansson
Filename : draft-johansson-dane-sip-00.txt
Pages : 9
Date : 2013-07-10
Abstract:
Use of TLS in the SIP protocol is defined in multiple documents,
starting with RFC 3261. The actual verification that happens when
setting up a SIP TLS connection to a SIP server based on a SIP URI is
described in detail in RFC 5922 - SIP Domain Certificates.
In this document, an alternative method is defined, using DNS-Based
Authentication of Named Entities (DANE). By looking up TLSA DNS
records and using DNSsec protection of the required queries,
including lookups for NAPTR and SRV records, a SIP Client can verify
the identity of the TLS SIP server in a different way, matching on
the SRV host name in the X.509 PKIX certificate instead of the SIP
domain. This provides more scalability in hosting solutions and make
it easier to use standard CA certificates (if needed at all).
This document updates RFC 5922.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-johansson-dane-sip
There's also a htmlized version available at:
http://tools.ietf.org/html/draft-johansson-dane-sip-00
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
I-D-Announce mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
