Scott,

I had additional offline discussions with Ekr and Cullen last week. Ekr indicated that the proposed I-D does not align with the SIP security model (UE <=> next-hop authentication; no need for UE <=> <authentication beyond next hop>).
This led to the question as to why we allow for the use of the Authentication-Info header. The response I received was that this may have been an oversight. If this is the case, I indicated that we may want to clarify (or correct) this.

Ekr, Cullen, feel free to add (or correct) my understanding.

- S

<snip>

> Additionally, I had offline discussions (in Ireland) with one of the ADs
> (Cullen) who saw value in (or at least did not dismiss) this I-D; unless
> I misunderstood the conversation. We left the conversation with a plan
> to discuss further with the security adviser. Did we miss any further
> communication (from the ADs)?

I think that this is a simple and obvious extension of the existing HTTP digest mechanism. SIP made the choice to change proxy authentication from the hop-by-hop architecture from HTTP to the end-to-middle model in SIP, but did not adopt the ability of the end to verify that the proxy actually can verify the credentials. It seems entirely reasonable to me to rectify this now.

_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
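As an added example (not part of the original thread or of the I-D under discussion): in the existing HTTP digest mechanism of RFC 2617, the `rspauth` value carried in Authentication-Info is how a client checks that the responder knows the shared password. The user, realm, password, nonce and URI below are constructed sample values, and the function names are this example's own.

```python
import hashlib
import hmac


def _h(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def _kd(user, realm, password, nonce, nc, cnonce, qop, a2):
    # RFC 2617 with qop=auth: H( H(A1) : nonce : nc : cnonce : qop : H(A2) )
    ha1 = _h(f"{user}:{realm}:{password}")
    return _h(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{_h(a2)}")


def request_digest(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """'response' value the client sends; A2 = method ":" digest-uri."""
    return _kd(user, realm, password, nonce, nc, cnonce, qop, f"{method}:{uri}")


def rspauth(user, realm, password, uri, nonce, nc, cnonce, qop="auth"):
    """'rspauth' value the server returns; A2 = ":" digest-uri (no method)."""
    return _kd(user, realm, password, nonce, nc, cnonce, qop, f":{uri}")


def responder_knows_password(received, user, realm, password, uri, nonce, nc, cnonce):
    """Client-side check of the rspauth received in Authentication-Info."""
    expected = rspauth(user, realm, password, uri, nonce, nc, cnonce)
    return hmac.compare_digest(expected, received.lower())


# Constructed sample exchange (not taken from any real deployment).
SAMPLE = dict(user="alice", realm="example.invalid", uri="sip:example.invalid",
              nonce="f84f1cec41e6cbe5aea9c8e88d359", nc="00000001", cnonce="0a4f113b")
PASSWORD = "correct horse"  # constructed shared secret

if __name__ == "__main__":
    sent = request_digest(password=PASSWORD, method="REGISTER", **SAMPLE)
    honest = rspauth(password=PASSWORD, **SAMPLE)
    guessed = rspauth(password="not the secret", **SAMPLE)
    print("client response :", sent)
    print("honest rspauth  :", responder_knows_password(honest, password=PASSWORD, **SAMPLE))
    print("wrong password  :", responder_knows_password(guessed, password=PASSWORD, **SAMPLE))
    # Echoing the client's own response back does not pass: A2 differs.
    print("echoed response :", responder_knows_password(sent, password=PASSWORD, **SAMPLE))
```
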
