On 8 Nov 2011, at 12:55, Iñaki Baz Castillo wrote:

> 2011/11/8 Hadriel Kaplan <[email protected]>:
>> Heh, you forgot your <joking> tags again. ;)
>
> Yes, but it should be <95%-joking> :)
>
>
>> Some of the reasons S/MIME isn't usable for SIP are described in RFC 3261
>> itself, in various places in section 23 and its subsections. Then there's
>> also the bigger question of what real problem is it solving.
>
> ----------------
> Any mechanisms depending on the existence of end-user certificates
> are seriously limited in that there is virtually no consolidated
> authority today that provides certificates for end-user applications.
> However, users SHOULD acquire certificates from known public
> certificate authorities. As an alternative, users MAY create
> self-signed certificates. The implications of self-signed certificates
> are explored further in Section 26.4.2. Implementations may also use
> pre-configured certificates in deployments in which a previous trust
> relationship exists between all SIP entities.
> ---------------
>
>
> So, in order to succeed, S/MIME requires at least one of the following
> scenarios:
>
>
> 1) Each user having a SIP phone MUST buy a TLS certificate signed by a
> Root CA. woooow !!!
>
> 2) The SIP network MUST be a walled garden in which the provider
> configures all the phones with the list of the certificates of every
> phone.
>
>
> Option 1 is not feasible. Option 2 is not for the Internet.
> Also, in option 2 there is "no need for security" since it's a closed
> environment, probably "secured" by a cool SBC that performs topology
> hiding and other cool features such as packet inspection and
> unsolicited recording of the communications (ok... <joking> XD).
>
> So better if we entirely forget S/MIME.

...or we take a serious look at the RFC describing SIP certificate distribution that in an interesting way hooks a private SIP CA to a public HTTP CA...

/O
_______________________________________________
Sip-implementors mailing list
[email protected]
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
