[VOIPSEC] Client authentication
Varghese, George (Joe)
varghese at lucent.com
Wed Apr 12 09:01:40 CDT 2006
Mark,
Could you elaborate on why SIPS does not offer great security? I thought SIPS doesn't rule out site or client certification, and arguably needed to achieve the needed hop-by-hop protection, e.g., recent contribution to IETF:
http://www.ietf.org/internet-drafts/draft-gurbani-sip-tls-use-00.html
Seemed with proper implementation, one can achieve great security with SIPS ... ?
Thanks,
joe varghese
> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On Behalf Of Mark Baugher
> Sent: Wednesday, April 12, 2006 8:04 AM
> To: Christoph Fürstaller
> Cc: voipsec at voipsa.org
> Subject: Re: [VOIPSEC] Client authentication
>
>
> If you don't use client certs then how can you tell who is on the other
> side of the connection? I admit that sips does not offer great
> security. But why use it at all if you are not going to control access
> when making a connection? Wouldn't you require something like a site
> cert?
>
> Mark
> On Apr 12, 2006, at 5:29 AM, Christoph Fürstaller wrote:
>
> > Hi,
> >
> > I'm testing SIPS for increased security during the call establishment.
> >
> > Is it a good idea to use client certs (for TLS connection)? Or is the
> > effort to realize that too much? Cause the benefits from authenticating
> > a client only for the TLS connection aren't that much. Authenticating the
> > client against a DB is done later on in the PBX, so authentication
> > would be done twice.
> >
> > What do you think about that?
> >
> > chris...
> >
> > _______________________________________________
> > Voipsec mailing list
> > Voipsec at voipsa.org
> > http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> >
>