On Tue, 2008-10-28 at 16:46 -0400, Andy Spitzer wrote: > Woof! > > On Tue, 28 Oct 2008 15:30:28 -0400, Scott Lawrence > <[EMAIL PROTECTED]> wrote: > > > Opinions? > > I know I'm comming in late to the party, and hate to armchair quarterback, > but as the XML-RPC 'tween sipxconfig and sipxsupervisor uses SSL, and thus > both sides must have valid certs, why is there an additional requirement > that the configuring host be on a magic list? What are you trying to > protect against there?
The cert tells you that the peer "is" the name it claims to be - it does not tell you that the host by that name is entitled to configure your system. I can provide a passport that identifies me as Scott Lawrence - that does not authorize me to do anything in particular. authentication is not authorization _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
