Henning Schulzrinne writes:
> Michael Thomas wrote:
> > I guess I'm missing the huge difference
> > here. Both situations the UAC is somewhat
> > clueless about what credentials it needs
> > to ship for the URI. It can guess, and may
> > do a reasonable job at that, but it looks
> > fundamentally the same to me.
>
> No, this is very different. In the certificate (X.509, S/MIME, PGP)
> case, the UAC doesn't need to know anything about the receiver. It
> simply sends a cert saying "CA X believes I'm Telephant Telecom. If you
> believe CA X, you'll trust that I'm indeed Telephant." For basic and
> digest, the UAC has to know
Not true. You are still guessing that the UAS will
trust that certificate hierarchy. That may not be
a valid assumption. It's the exact same problem
as guessing which basic/digest realm might be needed
along the way. I can just as easily posit a global
symmetric key realm as a global PKI realm. Both
are fantasies.
This is a TANSTAAFL problem inherent in proxy
routed traffic.
Mike
- RE: [SIP] Re: SIP gateways and authentication Rosen, Brian
- [SIP] Re: SIP gateways and authentication Michael Thomas
- Re: [SIP] Re: SIP gateways and authentication Michael Thomas
- Re: [SIP] Re: SIP gateways and authentication Henning Schulzrinne
- Re: [SIP] Re: SIP gateways and authentication James A. Donald
- Re: [SIP] Re: SIP gateways and authentication Michael Thomas
- Re: [SIP] Re: SIP gateways and authentication Henning Schulzrinne
- Re: [SIP] Re: SIP gateways and authentication Henning Schulzrinne
- Re: [SIP] Re: SIP gateways and authentication Michael Thomas
- Re: [SIP] Re: SIP gateways and authentication Paul Krumviede
- Re: [SIP] Re: SIP gateways and authentication Henning Schulzrinne
- Re: [SIP] Re: SIP gateways and authentication Michael Thomas
- Re: [SIP] Re: SIP gateways and authentication James A. Donald
- Re: [SIP] Re: SIP gateways and authentication Michael Thomas
- RE: [SIP] Re: SIP gateways and authentication Henry Sinnreich
- Re: [SIP] Re: SIP gateways and authentication Jonathan Trostle
