Adam Roach wrote:
Stupid security, on the other hand, isn't something you'll find anyone
who knows the first thing about computers doing. No one uses stock FTP
or telnet for real tasks any more -- it's all scp and ssh. But ITSPs
don't deploy SIP over TLS for reasons I can't fathom. Anyone who knows
the first thing about IP networks recognizes that it is laughable to
authenticate based on source IP address. And yet ITSPs insist on doing
so. The most popular application on the internet has a well-exercised,
certificate-based, crypto-secure means of determining the identity of
a server (TLS). SIP, from its inception, has been able to leverage
this exact mechanism at least for authentication of servers and for
confidentiality of signaling. ITSPs aren't deploying it.

Maybe it's the certificates. If ssh required certs to operate, do you
think it would have the massive uptake that it's seen? I don't.

Mike
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol