[VOIPSEC] Client authentication
Christoph Fürstaller
christoph.fuerstaller at kurtkrenn.com
Thu Apr 13 03:28:37 CDT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Mark,
I'm using SIPS to disguise the call establishment (specially to disguise
the SRTP Keys in the SDP messages) I don't wannt to know (at that stage)
who is on the other side. I'm using OpenSER and make digest auth there
so after that I 'know' who is on the other side. I don't think I get
much advantages out of server certs?
chris...
Mark Baugher wrote:
> If you don't use client certs then how can you tell who is on the other
> side of the connection? I admit that sips does not offer great
> security. But why use it at all if you are not going to control access
> when making a connection. Wouldn't you require something like a site cert?
>
> Mark
> On Apr 12, 2006, at 5:29 AM, Christoph Fürstaller wrote:
>
> Hi,
>
> I'm testing SIPS for increased security during the call establishment.
>
> Is it a good idea to use client certs (for TLS connection)? Or is the
> effort to realice that to much? Cause the benefits from authenticating a
> client only for the TLS connection isn't that much. Authenticating the
> client against a DB is done later on in the PBX, so authentication would
> be done twice.
>
> What do you think about that?
>
> chris...
>
>>
_______________________________________________
Voipsec mailing list
Voipsec at voipsa.org
http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFEPgu1R0exH8dhr/YRAisoAKDTk2G8JB48hJIH06vtG8x+Z0/g/ACgvngA
wpQZXmqNVQcPYqcLWbN4wwo=
=LPrz
-----END PGP SIGNATURE-----
More information about the Voipsec
mailing list