I just posted draft-ietf-sip-media-security-requirements-07.txt which
incorporates the text suggested by Eric in
<http://www.ietf.org/mail-archive/web/sip/current/msg23495.html> and Steffen's
change to Eric's text described in
<http://www.ietf.org/mail-archive/web/sip/current/msg23502.html>.

With these changes, we now have:

...

4.9. Certificates

The discussion in this section relates to R-CERTS.

On the Internet and on some private networks, validating another
peer's certificate is often done through a trust anchor -- a list of
Certificate Authorities that are trusted. It can be difficult or
expensive for a peer to obtain these certificates. In all cases,
both parties to the call would need to trust the same trust anchor
(i.e., "certificate authority"). For these reasons, it is important
that the media plane key management protocol offer a mechanism that
allows end-users who have no prior association to authenticate to
each other without acquiring credentials from a third party trust
point. Note that this does not rule out mechanisms in which servers
have certificates and attest to the identities of end-users.

...

5.2. Security Requirements

...

R-CERTS:
The key management protocol MUST NOT require that end-users
obtain credentials (certificates or private keys) from a third-
party trust anchor.

...

Side-by-side diffs:
http://tinyurl.com/3kc85k

This closes the open issues with this document and it is now ready to forward
to the IESG.

-d
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip