inline

> -----Original Message-----
> From: Jonathan Rosenberg [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 05, 2007 7:38 PM
> To: Rai, Anupam (Anupam)
> Cc: Steve Dotson; IETF SIP List; DRAGE,Keith (Keith); Dean Willis
> Subject: Re: [Sip] Certificate authentication in SIP
>
> inline:
>
> Rai, Anupam (Anupam) wrote:
> >
> > inline
> >
> >> -----Original Message-----
> >> From: Jonathan Rosenberg [mailto:[EMAIL PROTECTED]
> >> Sent: Thursday, July 05, 2007 6:33 PM
> >> To: Rai, Anupam (Anupam)
> >> Cc: Steve Dotson; IETF SIP List; DRAGE,Keith (Keith); Dean Willis
> >> Subject: Re: [Sip] Certificate authentication in SIP
> >>
> >>
> >>
> >> Rai, Anupam (Anupam) wrote:
> >>> (1) Will the P-A-ID syntax require modification to carry UA's
> >>> certificate related information (obtained during mutual TLS) from edge
> >>> proxy to home proxy or registrar?
> >> Yes. You'd get nothing but the identity. Do you need more?
> >>
> > [Anupam Rai]
> > Identity as asserted by certificate presented by UA during mutual TLS
> > or identity as established by edge proxy after consulting some
> > authentication service/database?
>
> As asserted by the certificate. In other words, the edge
> proxy would validate the client cert, extract the
> subjectAltName which presumably has something like
> [EMAIL PROTECTED] somewhere and then shoves that into a
> P-Asserted-ID. Or if it matches the From it would use RFC
> 4474 and sign the request.

[Anupam Rai]
It would be nice to include some more information related to the certificate presented by the UA. At a minimum, the identity of the UA's certificate issuer is required.

>
> -Jonathan R.
>
>
> --
> Jonathan D. Rosenberg, Ph.D.   600 Lanidex Plaza
> Cisco Fellow                   Parsippany, NJ
>                                07054-2711
> Cisco Systems
> [EMAIL PROTECTED]              FAX:   (973) 952-5050
> http://www.jdrosen.net         PHONE: (973) 952-5000
> http://www.cisco.com
>

_______________________________________________
Sip mailing list  https://www1.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
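
The edge-proxy step described in the thread (validate the client certificate, take the SIP URI from subjectAltName, then either place it in P-Asserted-Identity or, when it matches From, sign per RFC 4474), written out as an added example that is not code from the thread or its participants. It assumes the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names, action labels and sample certificate are constructed for illustration, and the issuer is returned as data only, since the thread names no header for carrying it.

```python
import re

# Plain SIP/SIPS address-of-record only. The character classes exclude CR, LF,
# spaces and angle brackets, so a certificate field cannot add header syntax.
_SIP_AOR = re.compile(r"(sips?):([A-Za-z0-9._~%+-]+)@([A-Za-z0-9.-]+)")

def normalise(uri):
    """Return uri with a lower-cased host, or None if it is not a plain AOR."""
    m = _SIP_AOR.fullmatch(uri)  # fullmatch: '$' would accept a trailing "\n"
    return f"{m[1]}:{m[2]}@{m[3].lower()}" if m else None

def edge_proxy_decision(peercert, from_uri):
    """Decide how to convey a mutual-TLS client's identity (hypothetical helper)."""
    if not peercert:
        # getpeercert() returns {} when the certificate was not validated.
        raise ValueError("client certificate was not validated")
    issuer = ", ".join(f"{k}={v}" for rdn in peercert.get("issuer", ())
                       for k, v in rdn)
    sans = peercert.get("subjectAltName", ())
    candidates = (normalise(v) for kind, v in sans if kind == "URI")
    uris = [u for u in candidates if u]
    if not uris:
        return {"action": "reject", "issuer": issuer}
    sender = normalise(from_uri)
    if sender in uris:
        # Certificate identity matches From: sign the request per RFC 4474.
        return {"action": "sign-rfc4474", "identity": sender, "issuer": issuer}
    # Otherwise assert the certificate identity towards the home proxy.
    return {"action": "assert", "issuer": issuer,
            "header": f"P-Asserted-Identity: <{uris[0]}>"}

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_PEERCERT = {
    "issuer": ((("organizationName", "Example CA"),),
               (("commonName", "Example Issuing CA 1"),)),
    "subjectAltName": (("DNS", "ua.example.com"),
                       ("URI", "sip:bob@example.com\r\nX-Injected: 1"),
                       ("URI", "sip:alice@Example.com")),
}

if __name__ == "__main__":
    print(edge_proxy_decision(SAMPLE_PEERCERT, "sip:carol@example.com"))
    print(edge_proxy_decision(SAMPLE_PEERCERT, "sip:alice@example.com"))
```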
