[Sip] TLS post connection verification
Hi,
When sending a request (i.e. REGISTER) to a server I can compare the request
URI to the common name (or the alt DNS name) in the certificate. If the
names match, I can conclude that the certificate is OK.
(I'm using OpenSSL, and they recommend this post connection assertion).
I have two questions though:
1 - What name should I use for comparison when accepting a connection?
Usually only the UAC will demand a certificate; I am concerned with the case of
two proxies trying to connect using TLS and the UAS proxy asking for client
certificates. (What URI will the UAS proxy have? There is no message yet.)
2 - How should a broken connection be handled? Let's say UAC1 sent a request
over TLS to UAS1. The handshake went well and the request was sent. Then for
some reason, the connection was broken and UAS1 now needs to reestablish the
connection. What should UAS1 do? Use TLS w/out certificates?
Regards,
Eron Stein
_______________________________________________
Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sipping@ietf.org for new developments on the application of sip
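
The name comparison described in the message above, as an added example that is not part of the original post: it takes the host from a SIP request URI and compares it with the certificate's dNSName entries, falling back to the common name only when no dNSName is present. The certificate is assumed to be a dictionary in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names, the sample certificates and the one-label wildcard rule are assumptions of this example.

```python
def sip_uri_host(uri):
    """Return the lower-cased host part of a sip: or sips: URI."""
    scheme, _, rest = uri.partition(":")
    if scheme.lower() not in ("sip", "sips") or not rest:
        raise ValueError("not a SIP URI: %r" % uri)
    hostport = rest.rsplit("@", 1)[-1]                      # drop userinfo
    hostport = hostport.split(";", 1)[0].split("?", 1)[0]   # drop params, headers
    if hostport.startswith("["):                            # IPv6 literal
        return hostport[1:hostport.index("]")].lower()
    return hostport.split(":", 1)[0].lower()                # drop port


def name_matches(pattern, host):
    """Case-insensitive match; '*.' covers exactly one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == pattern[2:]
    return pattern == host


def cert_matches_request_uri(cert, request_uri):
    """Post-connection check: does the peer certificate name the URI host?"""
    host = sip_uri_host(request_uri)
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        # The common name is consulted only when the certificate has no dNSName.
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return any(name_matches(n, host) for n in names)


# Constructed sample certificates (not taken from any real server).
CERT_SAN = {
    "subject": ((("commonName", "old.example.net"),),),
    "subjectAltName": (("DNS", "proxy.example.com"),
                       ("DNS", "*.sip.example.com")),
}
CERT_CN = {"subject": ((("commonName", "registrar.example.org"),),)}

if __name__ == "__main__":
    for cert, uri in [(CERT_SAN, "sips:proxy.example.com"),
                      (CERT_SAN, "sips:old.example.net"),
                      (CERT_CN, "sips:registrar.example.org")]:
        print(uri, cert_matches_request_uri(cert, uri))
```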