Thread: RE: Mutual Auth: Enhancement, not correction




RE: Mutual Auth: Enhancement, not correction
2007-11-30 12:12:23
Agree with Dean (w.r.t. technical details and the scenarios to protect the client from).
That said, I think it was felt that this was left out as an oversight, as opposed
to a conscious decision (need verification of this, as Keith indicated earlier).
 
In any case it would be nice to progress the I-D within the WG (irrespective of
the path chosen) and see if there is something amiss in what is being
proposed.
 
- S


From: Dean Willis [mailto:dean.willissoftarmor.com]
Sent: Fri 11/30/2007 9:31 AM
To: Jonathan Rosenberg
Cc: sipietf.org; Cullen Jennings; DRAGE,Keith (Keith); Adam Roach
Subject: Re: [Sip] Mutual Auth: Enhancement, not correction


On Nov 30, 2007, at 9:58 AM, Jonathan Rosenberg wrote:


> That said, I agree with Adam and do not think this is an essential 
> correction. It's a new feature. It adds proxy to user 
> authentication. Indeed, I think it's clearly the case that there are 
> differing requirements driving user to proxy authentication than 
> there are driving the reverse (one is for protecting against fraud, 
> the other against malicious proxies).
>

I don't disagree with the result (progress the draft outside the 
essential corrections process) but I think the use-case is really the 
same: SIP nodes protecting themselves from other SIP nodes that may 
be impostors.

It doesn't really matter whether the nodes in question are proxies or 
user agents -- after all, some nodes will be proxies for some request 
and UAs for other requests. The way you have it worded makes it sound 
as if the proxies are trustworthy and the user agents aren't, which 
is classic "telco" mentality and not particularly valid in an 
Internet scenario. In the real world, I expect to see both hostile 
proxies and hostile user agents.

--
Dean


_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementorscs.columbia.edu for questions on current sip
Use sippingietf.org for new developments on the application of sip
