Michael Thomas wrote:
> 
> Henning Schulzrinne writes:
>  > Michael Thomas wrote:
>  > >    I guess I'm missing the huge difference
>  > >    here. Both situations the UAC is somewhat
>  > >    clueless about what credentials it needs
>  > >    to ship for the URI. It can guess, and may
>  > >    do a reasonable job at that, but it looks
>  > >    fundamentally the same to me.
>  >
>  > No, this is very different. In the certificate (X.509, S/MIME, PGP)
>  > case, the UAC doesn't need to know anything about the receiver. It
>  > simply sends a cert saying "CA X believes I'm Telephant Telecom. If you
>  > believe CA X, you'll trust that I'm indeed Telephant." For basic and
>  > digest, the UAC has to know
> 
>    Not true. You are still guessing that the UAS will
>    trust that certificate hierarchy. That may not be
>    a valid assumption. It's the exact same problem
>    as guessing which basic/digest realm might be needed
>    along the way. I can just as easily posit a global
>    symmetric key realm as a global PKI realm. Both
>    are fantasies.

Given the practical success of having CAs embedded in millions of web
clients, this seems at least feasible and works millions of times each
day, even though it's less than ideal if you're a new CA and want to be
recognized as such. I see no way to have a global symmetric key realm
without additional protocol support. (Even with a monster LDAP database
containing the world's users, there doesn't seem to be a way that a UAS
can verify your *digest* secret in an external database without also
obtaining a useful secret that the UAS can employ elsewhere.)

This does not mean that you couldn't use a ticket-based system (Kerberos
and kin), but we're here talking about the existing SIP authentication
mechanisms Basic, Digest and PGP (or, in the case of S/MIME, trivially
added), not something that doesn't exist yet in our context.

> 
>    This is a TANSTAAFL problem inherent in proxy
>    routed traffic.
> 
>                         Mike

-- 
Henning Schulzrinne   http://www.cs.columbia.edu/~hgs
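The digest point above (a verifier can only check a Digest response if it holds the user's H(A1), and that value is itself a password-equivalent usable anywhere in the same realm) worked through in Python as an added example, not code from the thread; the username, realm, password and nonces are constructed, and the response formula is the RFC 2617 form without qop.

```python
import hashlib


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    """H(A1) = MD5(username:realm:password): the only thing a verifier needs."""
    return md5_hex(f"{username}:{realm}:{password}")


def response_from_ha1(ha1_value: str, method: str, uri: str, nonce: str) -> str:
    """RFC 2617 response (no qop): MD5(H(A1):nonce:MD5(method:uri))."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_value}:{nonce}:{ha2}")


def client_response(username, realm, password, method, uri, nonce) -> str:
    """What a UAC that knows the real password sends."""
    return response_from_ha1(ha1(username, realm, password), method, uri, nonce)


def uas_verify(stored_ha1: str, method: str, uri: str, nonce: str, response: str) -> bool:
    """A UAS (or the external database it consults) needs H(A1), never the password."""
    return response_from_ha1(stored_ha1, method, uri, nonce) == response


def demo() -> dict:
    # Constructed sample values.
    user, realm, password = "alice", "example.net", "correct horse battery staple"
    nonce_a, nonce_b = "nonceA-0123", "nonceB-4567"
    secret = ha1(user, realm, password)  # what the DB hands to proxy A to verify alice

    # Legitimate exchange with proxy A.
    resp_a = client_response(user, realm, password, "INVITE", "sip:bob@example.net", nonce_a)
    ok_a = uas_verify(secret, "INVITE", "sip:bob@example.net", nonce_a, resp_a)

    # Proxy A, holding only H(A1), can now answer a fresh challenge from proxy B
    # in the same realm exactly as alice would: H(A1) is a reusable secret.
    forged_b = response_from_ha1(secret, "REGISTER", "sip:example.net", nonce_b)
    genuine_b = client_response(user, realm, password, "REGISTER", "sip:example.net", nonce_b)
    return {"ok_a": ok_a, "forged_matches_genuine": forged_b == genuine_b,
            "ha1_len": len(secret), "responses_differ": resp_a != genuine_b}


if __name__ == "__main__":
    print(demo())
```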