inline:
Rai, Anupam (Anupam) wrote:
inline
-----Original Message-----
From: Jonathan Rosenberg [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 05, 2007 6:33 PM
To: Rai, Anupam (Anupam)
Cc: Steve Dotson; IETF SIP List; DRAGE,Keith (Keith); Dean Willis
Subject: Re: [Sip] Certificate authentication in SIP
Rai, Anupam (Anupam) wrote:
(1) Will the the P-A-ID syntax require modification to carry UA's
certificate related information (Obtained during mutual
TLS) from edge
proxy to home proxy or registrar ?
Yes. You'd get nothing but the identity. Do you need more?
[Anupam Rai]
Identity as asserted by certificate presented by UA during mutual TLS or
identity as established by edge proxy after consulting some
authentication service/database ?
As asserted by the certificate. In other words, the edge proxy would
validate the client cert, extract the subjectAltName which presumably
has something like [EMAIL PROTECTED] somewhere and then shoves that into a
P-Asserted-ID. Or if it matches the From it would use RFC 4474 and sign
the request.
-Jonathan R.
--
Jonathan D. Rosenberg, Ph.D. 600 Lanidex Plaza
Cisco Fellow Parsippany, NJ 07054-2711
Cisco Systems
[EMAIL PROTECTED] FAX: (973) 952-5050
http://www.jdrosen.net PHONE: (973) 952-5000
http://www.cisco.com
_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
