(as individual)

On Apr 30, 2009, at 8:13 AM, Ben Campbell wrote:

To make this interop with MSRP relays, we would need more work. Relays are not involved in the SIP signaling, so there's no opportunity for them to send a fingerprint. We would need some way for endpoints to get fingerprints from the relays, and include them in the signaling.

Just for my clarification: how is that related to routing based on c/m/a=path, and possibly having a B2BUA which may modify the address information of the ACM client's c/m/a=path?

It's specific to the idea of having TLS cert fingerprints sent in SIP for each relay. It's only needed in the case where a middlebox modified the path attribute to modify the IP addresses or host names in the MSRP URIs, creating the certificate mismatch we have discussed.
Also, don't get me wrong--I do not mean that to be a complete specification of the requirements, as much as evidence that if we were to introduce a fingerprints-for-relays solution, we have some engineering to do to make it useful. I don't think it's good enough to just call out the possibility of doing the work and calling it done.