7 nov 2011 kl. 22:54 skrev Iñaki Baz Castillo: > 2011/11/7 Olle E. Johansson <[email protected]>: >>>> And why do you compare S/MIME in SIP with a unicorn? >>> >>> Because both are theoretically possible but have not been found in the wild? >> >> And does anyone see a reason why? Not the unicorns... > > The reason: Telcos wallen gardens. SIP is not for the open Internet so > nobody cares about SIP security (security could make SBC's crazy !!!).
It's easy to blaim everything on the "Telco"; but I think it's a marketing issue. SIP has been put to market as a PSTN replacement. Outside of that, nothing much has been done, apart from the IETF engineers strongly believing in a wider vision and adding security mechanisms to each and every RFC. Quite often mechanisms that did not become implemented, regardless of all SHOULD and MUST clauses. In fact, if you read RFC 3261, you should not send CANCEL over unprotected transports. Only TLS and IPsec, since CANCEL can not be authenticated... It's chicken and egg issue. We need more implementations to show that it actually works, but it's hard to get them done without customer demand. /O _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
