Dan Wing wrote:
To summarize your email: anybody that needs SIP security will use TLS between their own proxies. That does seem to be the consensus. Perhaps how that works should be written up -- as in, does that mean when I have a TLS connection with boeing.com, I should only allow or only expect From: addresses that end in @boeing.com, and not @big-airplane.boeing.com and not @rolls-royce.com?
Dan: I suspect you are talking of the above in the context
of SIP SAML. Otherwise, for certificate-based authentication
between proxies, some of what you write above is discussed in
the sip-domain-certs draft.
Thanks,
- vijay
--
Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
2701 Lucent Lane, Rm. 9F-546, Lisle, Illinois 60532 (USA)
Email: vkg at {alcatel-lucent.com,bell-labs.com,acm.org}
WWW: http://www.alcatel-lucent.com/bell-labs
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip