Re: [Simple] COMEDIA vs MSRP Relays: COMEDIA-TLS
Yup, I noted that issue in one of the earlier emails (long ago): that if we use the fingerprint with MSRP Relays, then we need a way for a UA to learn the fingerprint of its Relay(s). (presumably through the MSRP messaging it uses to get the use-path MSRP URI from such Relay(s)?)
-hadriel
> -----Original Message-----
> From: simple-bounces at ietf.org [mailto:simple-bounces at ietf.org] On Behalf
> Of Ben Campbell
>
> How does COMEDIA-TLS work with MSRP relays? (There has been some
> discussion on this one, but I don't recall any conclusions)
>
> If I understand correctly, RFC 4572 is really only designed for the
> use of self-signed TLS certs. At least, it states parties to a TLS
> session MUST provide certificate fingerprints. This is an issue for
> MSRP relays, as relays are not involved in the SDP offer/answer, and
> the endpoints are not going to necessarily know the fingerprints of
> certificates used by a relay. Also, it's quite likely that an MSRP
> relay will use a cert signed by a well-known CA, where a fingerprint
> would not add much value.
>
> _______________________________________________
> Simple mailing list
> Simple at ietf.org
> https://www.ietf.org/mailman/listinfo/simple
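
The mismatch discussed in this thread, as an added example that is not part of either message: an RFC 4572 style check of the TLS peer's certificate against the `a=fingerprint` lines in the remote SDP passes for a direct connection and fails when the TLS peer is a relay. The certificate bytes, host names and SDP below are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac

# RFC 4572 hash-func tokens mapped to hashlib names (md2/md5 deliberately omitted).
HASHES = {"sha-1": "sha1", "sha-224": "sha224", "sha-256": "sha256",
          "sha-384": "sha384", "sha-512": "sha512"}

def fingerprint(cert_der: bytes, hash_func: str = "sha-256") -> str:
    """Return the colon-separated uppercase hex digest of the DER certificate."""
    digest = hashlib.new(HASHES[hash_func.lower()], cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def sdp_fingerprints(sdp: str):
    """Extract (hash_func, fingerprint) pairs from a=fingerprint lines."""
    out = []
    for line in sdp.splitlines():
        line = line.strip()
        if line.lower().startswith("a=fingerprint:"):
            parts = line.split(":", 1)[1].split()
            if len(parts) == 2 and parts[0].lower() in HASHES:
                out.append((parts[0].lower(), parts[1].upper()))
    return out

def peer_matches_sdp(peer_cert_der: bytes, sdp: str) -> bool:
    """True only if the TLS peer's certificate hashes to a fingerprint in the SDP."""
    return any(hmac.compare_digest(fingerprint(peer_cert_der, h), fp)
               for h, fp in sdp_fingerprints(sdp))

# Constructed stand-ins for DER-encoded certificates (not real certificates).
REMOTE_UA_CERT = b"constructed-der-bytes-remote-ua"
RELAY_CERT = b"constructed-der-bytes-msrp-relay"

# Constructed SDP as the remote UA would send it: only its own fingerprint appears.
REMOTE_SDP = "\r\n".join([
    "m=message 2855 TCP/TLS/MSRP *",
    "a=setup:active",
    "a=fingerprint:SHA-256 " + fingerprint(REMOTE_UA_CERT),
    "a=path:msrps://relay.example.com:2855/s1;tcp msrps://ua.example.net:2855/s2;tcp",
])

def demo():
    # Direct connection: the TLS peer is the remote UA, so the check passes.
    direct = peer_matches_sdp(REMOTE_UA_CERT, REMOTE_SDP)
    # Via relay: the TLS peer is the relay, whose cert was never in the offer/answer.
    via_relay = peer_matches_sdp(RELAY_CERT, REMOTE_SDP)
    return direct, via_relay

if __name__ == "__main__":
    print(demo())
```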