On Sun, 2008-11-16 at 20:25 -0700, Sumanth Channabasappa wrote:
> Keith,
>
> Thanks for resurfacing this, it has been a while! To refresh the group's
> memory the origin of the I-D was the need to allow a UA to mutually
> authenticate with proxies other than the next-hop
> (UA<->Proxies<->Proxy). For authenticating with the next-hop proxy, TLS
> should be used (as acknowledged in the I-D). The earlier versions (-01
> and -02) raised more questions than answers! With -03 there seemed to be
> a few interested people within this WG (and outside) who saw value in
> this I-D (e.g., Scott Lawrence, Milan Patel, Christer Holmberg, Martin
> Dolly, Francois Audet; see emails from around July '08). It would be
> nice to get their feedback once again on the need (or not) for this
> requirement (independent of the I-D). If we still see a need for this
> requirement, I would solicit suggestions to revise the I-D to clearly
> articulate the requirement and the potential solution(s).
>
> Additionally, I had offline discussions (in Ireland) with one of the ADs
> (Cullen) who saw value in (or at least did not dismiss) this I-D; unless
> I misunderstood the conversation. We left the conversation with a plan
> to discuss further with the security adviser. Did we miss any further
> communication (from the ADs)?

I think that this is a simple and obvious extension of the existing HTTP digest mechanism. SIP made the choice to change proxy authentication from the hop-by-hop architecture from HTTP to the end-to-middle model in SIP, but did not adopt the ability of the end to verify that the proxy actually can verify the credentials. It seems entirely reasonable to me to rectify this now.
