Hi Jonathan,

The use case we are looking at is where the registrar is separate from the edge proxy. While the edge proxy could validate the UA has access to a cert issued by a trusted root, it doesn't necessarily mean the UA has a valid subscription to network services. The edge proxy may/would not have access to this type of registration data, thus the need to authenticate from UA to registrar. The only use case I am aware of is UAs authenticating directly to registrars, for these same reasons.

Steve.

-----Original Message-----
From: Jonathan Rosenberg [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 27, 2007 2:43 PM
To: Dean Willis
Cc: IETF SIP List; DRAGE,Keith (Keith)
Subject: Re: [Sip] Certificate authentication in SIP

Dean Willis wrote:
> Jonathan Rosenberg wrote:
>
>>Well, I'm going to be contrarian here. I'm not convinced that this is
>>needed.
>>
>>I think certificate based authentication is a great idea. However, I
>>am not sure I understand why TLS is not an appropriate solution.
>>
>
>
> I think it is very simple why TLS is not appropriate. TLS doesn't work
> across proxies, and would therefore require the edge proxy to do
> authentication.

So what? I think that's what ought to happen. I'd like to see some specific use cases where this can't work with the edge proxy performing the authentication. Keep in mind, we are talking about *certificate* authentication; that doesn't (by definition) require any kind of pre-arranged secret - only a common root CA.

-Jonathan R.

--
Jonathan D. Rosenberg, Ph.D.
Cisco Fellow
Cisco Systems
600 Lanidex Plaza
Parsippany, NJ 07054-2711
[EMAIL PROTECTED]
FAX: (973) 952-5050
PHONE: (973) 952-5000
http://www.jdrosen.net
http://www.cisco.com

_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
