Re: SIP certificate management (RFC 6072) and SIP outbound

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Oct 10, 2011, at 2:05 PM, Olle E. Johansson wrote:

> After reading RFC 6072 I can't help to wonder how this works with an outbound proxy configured in the UA.
> 
> For instance, using SIP Outbound we have two proxys that we keep an active flow to. RFC 6072 says that
> the UA is required to have a direct connection to the certificate service in order to publish a key and certificate.
> This is in order to be able to examine the servers certificate. 
> 
> Does this mean that a UA that follows RFC 6072 should override the pre-defined route in the UA and thus
> also ignore the SIP outbound mechanism for this transaction? 

Those outbound guys and 6072 guys should really talk to each other :-) 

Yes, the implementation I have seen are just skipping the outbound proxy for managing their own credentials. The alternative is to use an outbound server that you trust at the same level as your credential server. I don't like this as much because even thought they are likely managed by the same domain, the credential server is probably a bit more carefully managed with less going on with it. 




_______________________________________________
Sipping mailing list  https://www.ietf.org/mailman/listinfo/sipping
This list is for NEW development of the application of SIP
Use sip-implementors@xxxxxxxxxxxxxxx for questions on current sip
Use sip@xxxxxxxx for new developments of core SIP


[Index of Archives]     [IETF Announce]     [IETF Discussion]     [Linux SCSI]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Big List of Linux Books]

  Powered by Linux