Hi,

I have the following doubt on STUN Client. A STUN Client would establish a TLS connection with the STUN server before sending a Shared Secret Request (SSR).

Here (i.e. after establishing the TLS connection and before sending the Shared Secret Request), should the STUN Client verify the CERTIFICATE of the STUN server with its Certificate from the SAME certificate authority? In other words, must a STUN client require a Certificate from the Certificate Authority used by the STUN server?

This is not very clear from the STUN draft (ietf-behave-rfc3489bis-01.txt), which says:

"The client opens up the connection to that address and port, and immediately begins TLS negotiation [2]. The client MUST verify the identity of the server. To do that, it follows the identification procedures defined in Section 3.1 of RFC 2818 [5]. Those procedures assume the client is dereferencing a URI. For purposes of usage with this specification, the client treats the domain name or IP address used in Section 9.1 as the host portion of the URI that has been dereferenced."

Verification of the "identity of the server", following RFC 2815, does not require a Certificate according to my understanding.

It would be very helpful if someone could throw some light on this.

Thanks in advance,
Prakash
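The identification procedure of RFC 2818 Section 3.1 that the quoted draft text points to, as an added example that is not part of the original post: it compares the domain name or IP address the client connected to against the names in the certificate the server presented during the TLS handshake. The function names and sample certificates are hypothetical, the certificate layout is the one returned by Python's `ssl.SSLSocket.getpeercert()`, and the chain is assumed to have already been validated by the TLS library against the client's trusted CA set.

```python
import ipaddress

# Constructed sample certificates (not from the post), in the dict layout
# returned by ssl.SSLSocket.getpeercert().
CERT_SAN = {"subject": ((("commonName", "legacy.example.net"),),),
            "subjectAltName": (("DNS", "stun.example.com"),
                               ("DNS", "*.turn.example.com"),
                               ("IP Address", "192.0.2.10"))}
CERT_CN_ONLY = {"subject": ((("organizationName", "Example"),),
                            (("commonName", "stun.example.org"),))}

def dns_match(pattern: str, host: str) -> bool:
    """RFC 2818 3.1 wildcard rule: '*' matches within a single label only."""
    p_labels = pattern.lower().split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    for p, h in zip(p_labels, h_labels):
        if "*" in p:
            prefix, _, suffix = p.partition("*")
            if "*" in suffix or not (h.startswith(prefix) and h.endswith(suffix)
                                     and len(h) >= len(prefix) + len(suffix)):
                return False
        elif p != h:
            return False
    return True

def server_identity_ok(cert: dict, target: str) -> bool:
    """Check the name the client dialed (domain or IP) against the server cert."""
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # IP target: an iPAddress subjectAltName must be present and match exactly.
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in san)
    dns_names = [v for k, v in san if k == "DNS"]
    if dns_names:
        # dNSName entries, when present, are the identity; the CN is not consulted.
        return any(dns_match(n, target) for n in dns_names)
    # No dNSName: fall back to the Common Name (assumption: last CN is most specific).
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(dns_match(cn, target) for cn in cns[-1:])
```
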
