and in my understanding, if a hope changes something in the body, It should be authorized to do that and also it needs to update the Identity..
Regards, Bogdan Adrian Georgescu wrote: > I imagine one would want to use this mechanism exactly between two > legitimate hops to make sure that no intermediate has tempered with > the messages, isn't it? > > Adrian > > Bogdan-Andrei Iancu wrote: > > Hi Victor, > > > > I think this "limitation" is part of the mechanism :). > > > > it is the same as for secure sip and TLS > > not really -- changes to payload by legitimate SIP hops work with TLS > but not with RFC4474. > That was Victor's point. > > -jiri > > > - if you get on the path a node > > with not TLS support, the call will fail. In this case, if a hop does > > not understand SIP identity and changes the message, the call will be > > denied. > > > > Regards, > > Bogdan > > > > Victor Pascual Ávila wrote: > >> On Tue, Feb 10, 2009 at 10:11 PM, Adrian Georgescu <ag at ag- > projects.com> wrote: > >> > >>> Beyond being plain interesting, it is the most cost-efective way to > >>> implement secure identity between SIP Proxies serving different > domains. > >>> > >> Unless you had a node along the path breaking the signature > >> > > > > > > _______________________________________________ > > Users mailing list > > Users at lists.opensips.org > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
