2011/5/3 Olle E. Johansson <[email protected]>: > SiP identity is used by a proxy that hosts a domain to verify a SIP identity > within that domain, basically telling the other part that "I am sure that > [email protected] is authorized to use this URI within my domain". Within the > domain, a registrar may use MD5 or TLS for the client to request > authorization for an AOR. > > When setting up the connection to the other domain's proxy, server > certificates may be used. > > Separate server identity with the function where the server assures a > specific URI within the server's domain.
But TLS certificates also allow that, i.e: Alice ----> Atlanta Proxy ----> Biloxi Proxy ----> Bob - Atlanta requests Digest authentication to Alice. - Atlanta starts a TLS connection with Biloxi. - Biloxi provides a TLS certificate. Atlanta validates the URI(s) contained in the certificate and match them against the SIP URI of Biloxi (sip:biloxi.com). - Also Atlanta provides a TLS certificate to Biloxi. Biloxi validates the URI(s) contained in the certificate and match them against the domain o the request From URI. Why is required Identity here? -- Iñaki Baz Castillo <[email protected]> _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
