Jonathan Rosenberg wrote: > Well, I'm going to be contrarian here. I'm not convinced that this is > needed. > > I think certificate based authentication is a great idea. However, I am > not sure I understand why TLS is not an appropriate solution. >
I think it is very simple why TLS is not appropriate. TLS doesn't work across proxies, and would therefore require the edge proxy to do authentication. This is why we conventionally use digest or basic auth over TLS. Certificate authentication would provide the flexibility of TLS + basic (no challenge/response) with security better than TLS+digest (no replay). Of course, SIPSEC is another alternative. -- Dean _______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
