On Nov 25, 2008, at 3:32 PM, Sumanth Channabasappa wrote:
Scott,
I had additional offline discussions with Ekr and Cullen last week.
Ekr
indicated that the proposed I-D does not align with the SIP security
model (UE <=> next-hop authentication; no need for UE <=>
<authentication beyond next hop>).
Huh?
We have long held that there may be multiple proxies (possibly in
different domains) challenging a given request. This has been a
hallmark of scenarios such as the "hotel proxy" that doesn't do
authentication or act as a an identity server but that does do local
firewall control.
So somebody is confused about something. Who knows, might be me,
occasionally I wake up in a different time-space continuum, but AFAIK,
we've always intended to support authentication more than one hop
away. In fact, I recall design discussions with Pingtel and 3Com
people about that as far back as 1999. Robert Sparks had a lot to say
about it, IIRC.
--
Dean
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
