Dean Willis wrote:
Jonathan Rosenberg wrote:
Well, I'm going to be contrarian here. I'm not convinced that this is
needed.
I think certificate based authentication is a great idea. However, I am
not sure I understand why TLS is not an appropriate solution.
I think it is very simple why TLS is not appropriate. TLS doesn't work
across proxies, and would therefore require the edge proxy to do
authentication.
So what? I think thats what ought to happen. I'd like to see some
specific use cases where this can't work with the edge proxy performing
the authentication. Keep in mind, we are talking about *certificate*
authentication; that doesn't (by definition) required any kind of
pre-arranged secret - only a common root CA.
-Jonathan R.
--
Jonathan D. Rosenberg, Ph.D. 600 Lanidex Plaza
Cisco Fellow Parsippany, NJ 07054-2711
Cisco Systems
[EMAIL PROTECTED] FAX: (973) 952-5050
http://www.jdrosen.net PHONE: (973) 952-5000
http://www.cisco.com
_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
