[SIPForum-techwg] static authentication
Cullen Jennings
fluffy at cisco.com
Tue Feb 17 18:33:47 EST 2009
On Feb 13, 2009, at 2:57 , Elwell, John wrote:
> TLS mutual authentication (unless there is an underlying IPsec
> connection).
This does not seem to be what the spec says. Every SP I work with that
offer sip trunking wants to be able to bill for it. And to do this
they need to authenticate the PBX - so we need some way of doing this.
I think mutual TLS is one possible way but other people have pointed
out that some people don't want to use TLS.
In the case where IPSec was used, I think we still would need much
more about how it would work. I'm worried about two customers A and B
both connected to the same SP proxy both over IPSec. If B tries to get
their calls billed to A, what stops that. I can imagine ways to do
this but it seems that might need some text in the spec.
>
>
> I don't see how SIP digest would work if the SIP-PBX is a proxy.
I don't either :-)
>
>
> John
>
>> -----Original Message-----
>> From: techwg-bounces at sipforum.org
>> [mailto:techwg-bounces at sipforum.org] On Behalf Of Cullen Jennings
>> Sent: 12 February 2009 07:53
>> To: SIPForum-TechWG
>> Subject: [SIPForum-techwg] static authentication
>>
>>
>> In static mode, it is totally unclear how the SP authenticates the
>> PBX. I assume answer is digest but this did not seem required. Also
>> unclear how PBX authenticates SP.
>>
>> _______________________________________________
>> techwg mailing list
>> Send mail to: techwg at sipforum.org
>> Unsubscribe or edit options at:
>> http://sipforum.org/mailman/listinfo/techwg
>>
More information about the techwg
mailing list