Well,
ssh without certs requires that I share a secret with each destination I
want to connect to. That isn't going to fly for phones.
And while https doesn't require the client to have a cert, it still
requires the server to have one. So that isn't going to fly (for e2e)
either.
And as soon as you say "well, maybe it doesn't have to be e2e" then you
end up back where we are.
Paul
Adam Roach wrote:
On 7/9/08 12:49 PM, Michael Thomas wrote:
Adam Roach wrote:
Stupid security, on the other hand, isn't something you'll find
anyone who knows the first thing about computers doing. No one uses
stock FTP or telnet for real tasks any more -- it's all scp and ssh.
But ITSPs don't deploy SIP over TLS for reasons I can't fathom.
Anyone who knows the first thing about IP networks recognizes that it
is laughable to authenticate based on source IP address. And yet
ITSPs insist on doing so. The most popular application on the
internet has a well-exercised, certificate-based, crypto-secure means
of determining the identity of a server (TLS). SIP, from its
inception, has been able to leverage this exact mechanism at least
for authentication of servers and for confidentiality of signaling.
ITSPs aren't deploying it.
Maybe it's the certificates. If ssh required certs to operate, do you
think it
would have the massive uptake that it's seen? I don't.
https?
/a
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
