> > To summarize your email: anybody that needs SIP security will use > > TLS between their own proxies. That does seem to be the consensus. > > Perhaps how that works should be written up -- as in, does that mean > > when I have a TLS connection with boeing.com, I should only allow or > > only expect From: addresses that end in @boeing.com, and not > > @big-airplane.boeing.com and not @rolls-royce.com? > > Dan: I suspect you are talking of the above in the context > of SIP SAML.
That wasn't my intent. > Otherwise, for certificate-based authentication > between proxies, some of what you write above is discussed in > the sip-domain-certs draft. Yes, some of it is there. Can that draft be extended to talk about validating the From of requests (and maybe responses, I'm not sure) that come from over a TLS-authenticated connection? Or would that be out of scope for it? -d _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
