Thanks Vijay, and thanks Scott for the clarification. The SIP cert auth requirements document currently lists a few use cases:
- the certificate identifies a device - the certificate identifies a user There could also be the case where the device certificate is mapped to a user for subscription purposes, and there are probably others. As Sumanth states, depending on the agreed upon requirements, the solution could leave these types of specifics as out of scope and just handle the transport and messaging between UA and registrar, or we could go so far as to have certificate profiles and requirements and then work those requirements with the appropriate groups. Thanks. Steve. -----Original Message----- From: Scott Lawrence [mailto:[EMAIL PROTECTED] Sent: Friday, June 29, 2007 12:32 PM To: IETF SIP List; [EMAIL PROTECTED] Subject: Re: [Sip] Certificate authentication in SIP On Fri, 2007-06-29 at 09:37 -0500, Vijay K. Gurbani wrote: > Sumanth Channabasappa wrote: > > And if we find that certificates need some work to support this > > initiative (e.g., SIP identifiers as subjects), perhaps we can > > present some of those requirements to other WGs. If we find an > > existing solutions that can be used, good (and we can document them > > as such :) ). > > Scott Lawrence and I have spent some time on this issue, i.e., SIP > identifiers as subjects in X.509 certificates. The latest version of > the draft that includes pkix WG comments from Prague and the comments > of the sip WG ADs and others was posted last week to the archives, and > is available at > http://tools.ietf.org/html/draft-gurbani-sip-domain-certs-05 One qualification - the draft above is limited to certificates as whose subject is a SIP domain - not an individual. The goal is to clarify how such certificates are constructed and constrained, and how they should be used to authenticate that a server is authoritative for a domain. > Comments on this version would be extremely helpful. -- Scott Lawrence tel:+1-781-938-5306;ext=162 or sip:[EMAIL PROTECTED] sipXecs project coordinator - SIPfoundry http://www.sipfoundry.org/sipXecs Chief Technology Officer - Pingtel Corp. http://www.pingtel.com/ _______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip _______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
