On Wed, Mar 11, 2009 at 2:49 PM, Nils Ohlmeier <[email protected]> wrote: > Sure to create a Contact binding via an authenticated REGISTER is one > possible solution. > But I think this only works because you rely on the fact that REGISTERs > are not being retargeted like INVITEs. Which then in the end means you > simply can forget about authenticating all other requests, as long as the > Contact or IP/port was successfully authenticated via the "one hop" > REGISTER method (refer-to: IMS). > The advantage of this solution is clearly that it can be easily deployed > by hopefully most of the service providers today. > > But I believe the proper technical solution would be that the server > authenticates itself in the challenge, plus adding protected informations > to the challenge which allows the receiver of the challenge to verify that > this challenge was/is targeted to himself. > The dis-advantage is clearly that this would be only possible with > extensions of the existing protocols. But we would/might gain other > benefits by such a solution as well.
I did not follow the discussion on draft-dotson-sip-mutual-auth. Has this work been discontinued? http://tools.ietf.org/id/draft-dotson-sip-mutual-auth-03.txt Cheers, -- Victor Pascual Ávila _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [email protected] for questions on current sip Use [email protected] for new developments on the application of sip
