On Nov 7, 2011, at 4:54 PM, Iñaki Baz Castillo wrote:

> 2011/11/7 Olle E. Johansson <o...@edvina.net>:
>>>> And why do you compare S/MIME in SIP with a unicorn?
>>>
>>> Because both are theoretically possible but have not been found in the wild?
>>
>> And does anyone see a reason why? Not the unicorns...
>
> The reason: Telcos walled gardens. SIP is not for the open Internet so
> nobody cares about SIP security (security could make SBC's crazy !!!).

Heh, you forgot your <joking> tags again. ;)

S/MIME isn't popular in SIP for some of the same reasons it's not very popular in email - although at least in email it has some actual security value and is sometimes even practical/usable, and thus used by some people. Some of the reasons S/MIME isn't usable for SIP are described in RFC 3261 itself, in various places in section 23 and its subsections. Then there's also the bigger question of what real problem is it solving. Other than being impractical and useless, though, it's a great idea.

RFC 4474 tried it a different way, doing just the authentication aspect (signing), by having the domain proxies sign using domain certs, instead of the SIP UAC. It's closer to a DKIM model. The jury's still out though, on whether rfc4474 provides value and will get widespread use, or not.

-hadriel

_______________________________________________
Sip-implementors mailing list
Sip-implementors@lists.cs.columbia.edu
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors