--
At 02:53 PM 8/25/2000 -0400, Henning Schulzrinne wrote:
> No, this is very different. In the certificate (X.509, S/MIME, PGP)
> case, the UAC doesn't need to know anything about the receiver. It
> simply sends a cert saying "CA X believes I'm Telephant Telecom. If you
> believe CA X, you'll trust that I'm indeed Telephant." For basic and
> digest, the UAC has to know
>
> - what user id's are valid at the UAS
> - what secrets are associated with those userids.
>
> Generally, a gateway calling a random SIP URL (obtained via enum, say),
would have no clue about any of these.
It seems to me that the more general problem is that the existing
certificate structure is designed to prove that Telephant Telecom is the
real Telephant Telecom , rightful owner of various cheque accounts and
credit cards, an entity capable of being sued. Ultimately, it is designed
to facilitate shopping and contracts.
It appears to me that the goal of encryption in SIP is not to enable
shopping and contracts, but merely to prove that when you are communicating
with [EMAIL PROTECTED] you are communicating with someone who knows the
password to log on to the account [EMAIL PROTECTED], and only that someone.
If our system has to know that [EMAIL PROTECTED] is the real Telephant
Telecom, in order to prevent someone from listening in to his sex chat, we
have problems.
If everyone in the system has to know that [EMAIL PROTECTED] is the real
Telephant Telecom, we have really big problems.
Sometimes Joe97 might want to prove he was the real Telephant Telecom for
some reason, but most of the time the software merely wants to know he is
the real Joe97, and does not want to deal with the burden of an additional
mapping between SIP identities and authenticated true names.
