Kevin,
I am unsure of your intent with the last couple of lines of your email. I am not up to speed on SCTP but understand it to be for reliable transport of UDP with mechanisms (SACK) for fast retransmission etc - not a security protocol and TLS is a secure transmission method but is negotiated for a session by using a SIPS URI (correct me if I am wrong).
You wrote:
"and nothing stop you to implement your own security mechanism using extensions (Require header, Supported" header)
This statement seems to imply that you can define your own Require extension as a method of security ?, 3261 states that the Require and Supported headers MUST only use standard track RFC extensions.
Regards,
Wayne Davies
| "Kevin Bouchard" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 28/04/2004 11:31 PM
|
To: "Phan Quang Minh" <[EMAIL PROTECTED]> cc: [EMAIL PROTECTED] Subject: RE: [Sip-implementors] Does SIP offer a way to authenticate the caller? |
Hi,
SIP use the same authentication mechanism as HTTP does. You can use the
Basic authentication (NOT RECOMMENDED) or the Digest one. When you
subscribe to a SIP service that support authentication, you have to
create an account before register your UA with it. Then, when you try to
register, the server challenges your UA to authenticate using
WWW-Authenticate header. Your UA must provide the right credentials
otherwise the registration will fail.
Each time your UA will try to place a call, the server will return a 407
and your UA will be challenged for authentication. In my knowledge,
registration is not mandatory to place calls since you'll be challenged
to authenticate by the proxy each time you'll try to place a request.
There is also a lot of other secure process in SIP such as using secure
transport protocols (SCTP, TLS) and nothing stop you to implement your
own security mechanism using extensions (Require header, Supported
header).
Hope this helped,
Kevin.
> -----Original Message-----
> From: [EMAIL PROTECTED]
[mailto:sip-implementors-
> [EMAIL PROTECTED] On Behalf Of Phan Quang Minh
> Sent: 28 avril, 2004 08:43
> To: [EMAIL PROTECTED]
> Subject: [Sip-implementors] Does SIP offer a way to authenticate the
> caller?
>
> Hi all,
>
> As far as I can see, there is no caller authentication in SIP (
i.e.
> one can initiate calls through SIP Proxies without being registered).
> However, to use SIP with IMS in UMTS, there must be a way to
authenticate
> the caller ( i.e. to verify that the caller is really the one in the
FROM
> header of the INVITE message). I've read some 3GPP specifications
(24.228,
> 24.229) but I haven't found how they do that. Please help me with
this.
>
> Looking forward to hearing from you,
>
> Minh Phan
>
> _______________________________________________
> Sip-implementors mailing list
> [EMAIL PROTECTED]
> http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
Kevin Bouchard, ift.a.
Software engineer
Pyxis Products
Cardinal Health
330 St-Vallier Street E., Suite 330
Quebec City, QC, Canada
G1K 9C5
Tel.: (418)872-0172, x8974
Fax: (418)872-0038
[EMAIL PROTECTED]
_______________________________________________
Sip-implementors mailing list
[EMAIL PROTECTED]
http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
_______________________________________________ Sip-implementors mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
