Hannes, > -----Original Message----- > From: Tschofenig, Hannes (NSN - FI/Espoo) > [mailto:[EMAIL PROTECTED] > Sent: 25 June 2008 14:00 > To: Elwell, John; Paul Kyzivat > Cc: [email protected]; Dan Wing > Subject: RE: [Sip] Toward the Evolution of SIP and Related > Working Groups > > > Consider the following scenario: > > +-----------+ +-----------+ > |SIP | |SIP | > +------>|Proxy |<---------->|Proxy |<------+ > | |Server X | TLS |Server Y | | > | +-----------+ +-----------+ | > | | > | TLS or TLS or | > | SIP Digest SIP Digest | > | | > | | > v v > +-----------+ +-----------+ > |SIP | |SIP | > |User Agent | RTP |User Agent | > |Alice | <=================================> |Bob | > +-----------+ +-----------+ > > > When there are no further proxies between X and Y then Y has the > information that Alice was authenticated by X. Proxy Y would pass that > info on to Bob. Bob trusts Y. > > Obviously, the two VoIP providers may have a far more complicated > infrastructure with multiple proxies but they all belong to the same > domain and could be seen from external as just one box. > > The same would not work when there are more proxies between X and Y. > However, these guys that prefer such a deployment belong more to the > chain of trust camp rather than the end-to-end / email alike peering > camp. It is rather unlikely that you get their support for getting SIP > Identity to work in their networks. > > So, do we have an indication that some folks plan to use SIP Identity > for their deployment? [JRE] Well, what about enterprise via service provider to enterprise? As an enterprise provider, I would like to be able to use SIP identity, but a precondition is that it gets through that intermediate service provider(s).
> > Wouldn't it be better to rely on something like SIP CERT for a better > end-to-end security mechanism (ignoring for a moment that SIP > CERT also > uses SIP Identity for "simplified deployment" reasons whereby > one has to > state that the usage of SIP Identity for SUBSCRIBE/NOTIFY might have > different B2BUA aspects). [JRE] You have lost me there. What is SIP CERT? Can you point me at a draft? John _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
