Chapter 11 is a description of a specification for a given trust domain, referred to as Spec(T). You mention the second requirement is for Digest authentication. The third requirement is for TLS. If you have a TLS session then you are assured that the entity to which you sent the request is the one sending the response. If you determined that that entity was trusted to receive the request, then it is trusted to send a response. Chapter 11 is essentially a placeholder and a guideline, nothing else. Note the second paragraph which states:
"The remainder of this section presents an example Spec(T), which is not normative in any way." Its up to you to define Spec(T) for your trusted domain. Cheers -- Charles Eckel Software Engineer Voice Technology Group, Cisco Systems Deuringer Wolfgang wrote: > > Dear all, > > the RFC3325 states in Chapter 11.2 Authentication requirements that "Users must be > authenticated using SIP Digest Authentication". This contradicts the statement in > the SIP discussion > list that the P-Asserted-Identity should be available in response messages, too. > However I see no > way to authenticate response messages with SIP mechanisms. Additionally the RFC > shows the usage > of these headers only for Requests. > > If there is a common understanding that the P-Asserted-Identity header is required > for responses, > will there be an update of the RFC? > * What happens in a case where a proxy receives a response from a node he does > not trust? He cannot > authenticate the originator of the response. This means that he can only set up the > P-Asserted-Identity > for responsens of users which are stored within the database which is accessible by > the proxy. > * Does this mean that response messages from users not available in the > database would be skipped by the > proxy. > * Which responses should contain this P-Asserted-Identity Header? Only final > responses or even provisional ones? > > > Best regards, > > Wolfgang Deuringer > > ____________________________________________________ > Wolfgang Deuringer > ICN CP D NA D12 > Mch H/Sc8 > Tel. +49 89 722 28236 > Fax + 49 89 722 48697 > > _______________________________________________ > Sip-implementors mailing list > [EMAIL PROTECTED] > http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors _______________________________________________ Sip-implementors mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
