I imagine one would want to use this mechanism exactly between two legitimate hops to make sure that no intermediate has tempered with the messages, isn't it?
Adrian Bogdan-Andrei Iancu wrote: > Hi Victor, > > I think this "limitation" is part of the mechanism :). > > it is the same as for secure sip and TLS not really -- changes to payload by legitimate SIP hops work with TLS but not with RFC4474. That was Victor's point. -jiri > - if you get on the path a node > with not TLS support, the call will fail. In this case, if a hop does > not understand SIP identity and changes the message, the call will be > denied. > > Regards, > Bogdan > > Victor Pascual Ávila wrote: >> On Tue, Feb 10, 2009 at 10:11 PM, Adrian Georgescu <ag at ag- projects.com> wrote: >> >>> Beyond being plain interesting, it is the most cost-efective way to >>> implement secure identity between SIP Proxies serving different domains. >>> >> Unless you had a node along the path breaking the signature >> > > > _______________________________________________ > Users mailing list > Users at lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
