On 3 May 2011 at 15:02, Iñaki Baz Castillo wrote:

> 2011/5/3 Olle E. Johansson <[email protected]>:
>> SIP identity is used by a proxy that hosts a domain to verify a SIP identity
>> within that domain, basically telling the other part that "I am sure that
>> [email protected] is authorized to use this URI within my domain". Within the
>> domain, a registrar may use MD5 or TLS for the client to request
>> authorization for an AOR.
>>
>> When setting up the connection to the other domain's proxy, server
>> certificates may be used.
>>
>> Separate server identity with the function where the server assures a
>> specific URI within the server's domain.
>
> But TLS certificates also allow that, i.e.:
>
> Alice ----> Atlanta Proxy ----> Biloxi Proxy ----> Bob
>
> - Atlanta requests Digest authentication to Alice.
> - Atlanta starts a TLS connection with Biloxi.
> - Biloxi provides a TLS certificate. Atlanta validates the URI(s)
>   contained in the certificate and matches them against the SIP URI of
>   Biloxi (sip:biloxi.com).
> - Also Atlanta provides a TLS certificate to Biloxi. Biloxi validates
>   the URI(s) contained in the certificate and matches them against the
>   domain of the request From URI.
>
> Why is Identity required here?

In that case you have only validated the domain of the From URI.
With SIP identity, the Atlanta proxy tells Biloxi that "Yes, I have all
reasons to believe that Alice is Alice and has the right to use the URI
[email protected]".

Also remember that Bob has no idea about the certificate Atlanta used to
identify itself to Biloxi.

/O
_______________________________________________
Sip-implementors mailing list
[email protected]
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
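
Added example, not part of the original message or of any SIP stack: a sketch of the certificate-versus-From check discussed in the thread, showing that it binds only the domain part of the From URI. The `TYPE:value` SAN strings, the header values and all function names are constructed for illustration, and IPv6 literal hosts are not handled.

```python
import re

# Constructed sample: subjectAltName entries of a certificate issued to the
# atlanta.com proxy, written as "TYPE:value" strings (assumed representation).
ATLANTA_SANS = ["URI:sip:atlanta.com", "DNS:atlanta.com"]

def from_uri_parts(from_header):
    """Split the SIP URI of a From header value into (user, domain)."""
    m = re.search(r"sips?:(?:([^@>;\s]+)@)?([^>;:\s]+)", from_header, re.I)
    if not m:
        raise ValueError("no SIP URI in From header")
    return m.group(1), m.group(2).lower()

def cert_domains(san_entries):
    """Domains the certificate vouches for (host-only sip: URIs and DNS names)."""
    domains = set()
    for entry in san_entries:
        kind, _, value = entry.partition(":")
        value = value.lower()
        if kind == "DNS":
            domains.add(value)
        elif kind == "URI" and value.startswith("sip:") and "@" not in value:
            domains.add(value[len("sip:"):])
    return domains

def tls_peer_accepts(from_header, san_entries):
    """The check Biloxi can make from Atlanta's certificate: domain only."""
    _user, domain = from_uri_parts(from_header)  # user part is never compared
    return domain in cert_domains(san_entries)

if __name__ == "__main__":
    # Constructed From header values.
    for hdr in ('"Alice" <sip:alice@atlanta.com>;tag=1928301774',
                '<sip:carol@atlanta.com>;tag=9fxced76sl',
                '<sip:alice@example.org>;tag=1'):
        print(from_uri_parts(hdr), tls_peer_accepts(hdr, ATLANTA_SANS))
```

Any user part at atlanta.com passes this check identically, and the result is visible only to the proxy that terminated the TLS connection, not to the user agent behind it.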
