Mutual authentication is discussed within the last paragraph of RFC 3261 section 22.4; however I'm not sure how many vendors have implemented it yet.
Authenticating responses still doesn't prevent man-in-the-middle type attacks. Additional security mechanisms such as tls are required for better protection. RFC 3261 section 26 discusses the security considerations. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf > Of Shikhar Sarkar > Sent: Thursday, October 13, 2005 3:33 PM > To: [email protected] > Subject: RE: [Sip-implementors] Authenticating an incoming SIP call > > > Vimal, > > I mean the case say (just an example) Alice is calling Bob, > > ISDN IAM Invite > Alice---------SS7---------->Softswitch------------>SIP phone(Bob) > > Now if the Softswitch wants to authenticate Bob as a valid > user for this call, how to do it using SIP? [Assume Bob is > already registered with the Softswitch, but the Softswitch > wants to authenticate Bob per call] > > I think I am missing something very fundamental. Otherwise, I > suppose this is the most basic question for any telecom guy. > > Shikhar _______________________________________________ Sip-implementors mailing list [email protected] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
