Hi, Thanks. This implies that the peers then directly open a tcp connection and SIP is transported over tls with that connection.
UDP in that case can't be used, right? Within TLS, it may be necessary to have a CA for certificates as an enrollment server, right?

Best Regards
Frédéric

-----Original Message-----
From: Eric Rescorla [mailto:[email protected]]
Sent: Monday, 16 March 2009 17:32
To: Frédéric-Philippe Metz
Cc: [email protected]
Subject: Re: [P2PSIP] Question: Security issue resp. RELOAD and SIP usage draft-ietf-p2psip-sip-00

At Sun, 15 Mar 2009 19:36:56 +0100,
Frédéric-Philippe Metz wrote:
>
> Hi,
>
> Since the connection is established end-to-end then without RELOAD, how can
> you rely on - as the receiver of i.e. INVITE - that the identity of the
> .. let's say "message elements" such as "From"-Header ... is really the
> person providing this information?

It's carried over a TLS connection, so you should have client auth.

-Ekr
_______________________________________________
P2PSIP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/p2psip
