On 7/9/08 12:49 PM, Michael Thomas wrote:
Adam Roach wrote:
Stupid security, on the other hand, isn't something you'll find
anyone who knows the first thing about computers doing. No one uses
stock FTP or telnet for real tasks any more -- it's all scp and ssh.
But ITSPs don't deploy SIP over TLS for reasons I can't fathom.
Anyone who knows the first thing about IP networks recognizes that it
is laughable to authenticate based on source IP address. And yet
ITSPs insist on doing so. The most popular application on the
internet has a well-exercised, certificate-based, crypto-secure means
of determining the identity of a server (TLS). SIP, from its
inception, has been able to leverage this exact mechanism at least
for authentication of servers and for confidentiality of signaling.
ITSPs aren't deploying it.
Maybe it's the certificates. If ssh required certs to operate, do you
think it
would have the massive uptake that it's seen? I don't.
https?
/a
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
