On 7/9/08 1:25 PM, Michael Thomas wrote:
Adam Roach wrote:
You're completely missing my point.
We, the IETF, have developed various security mechanisms with varying
properties and different levels of complexity.
Even the dirt-simple, well-deployed, proven ones -- like server
authentication and hop-by-hop confidentiality -- are being ignored by
the ITSPs.
If they're ignoring the no-brainers, why do we think they'll pay
attention to anything with even a slight bit of complexity (like
signing P-Asserted-Identity)?
Do you think that those same ITSP's are still using FTP and Telnet?
I don't have enough visibility into ITSPs' operations infrasture to
register an informed opinion. I wouldn't be surprised, if the same guys
design their operations infrastructure as do their SIP infrastructure.
I'm not sure how this point plays into the conversation, though -- these
same organizations all have a valid HTTPS certificate they use for their
web site.
/a
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
