Based on feedback received at the last IETF SIP WG meeting, I have updated the Certificate Authentication in SIP requirements draft, which can be found at:

http://www.ietf.org/internet-drafts/draft-dotson-sip-certificate-auth-04.txt

To summarize the changes made related to comments I received (and these are not exact quotes):

"Pick one use case, device certificates or user certificates, and bring that back in"

While I feel that both use cases are needed, I updated the draft to focus specifically on device certificates, as there are millions of cable devices with certificates deployed that can be leveraged.

"Since the edge proxy is always trusted, why not do mutual TLS to the edge proxy and do PAID or Identity to the registrar"

I added this under "existing work". There were some emails between Anupam and Jonathan a few months back on whether certificate information needs to be passed from the edge proxy to the registrar. The outcome was that for user certs, maybe not. However, for device certificates, since the registrar contains the mapping that would need to exist between the identity in the device certificate and the public identities authorized for that device identity, the device identity would need to be passed to the registrar somehow to make this association.

"We have existing solutions already"

As described in the "existing work" section of the draft, while there are existing mechanisms (TLS, S/MIME, etc.), there are no documented procedures on how to use those mechanisms for UA to registrar authentication.

"Look at what has been done already and put that in the draft"

This was already present in the previous version.
Thanks, Steve.
_______________________________________________
Sip mailing list
https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
