[SIPForum-techwg] draft v04 - certificate validate

Cullen Jennings fluffy at cisco.com
Sun Feb 22 12:25:44 EST 2009


Even worse, let's imagine hypothetically that none of the major PBX
vendors ship this in the mainstream products in the next 3 years. That
means no one is compliant for 3 years. If that happens, it seems like
the whole compliance idea will just basically fail.

On Feb 20, 2009, at 5:39 AM, Bharrat, Shaun wrote:

>>
>>> I'm curious. Do many SIP-PBX implementations (or SPs for that matter)
>>> actually support CRLs or OCSP?
>>
>> No, most (all?) don't.
>>
>>> Is this setting the bar too high?
>> No, I don't think it is.
>
> So by definition everybody starts off being
> SIPConnect 1.1 non-compliant (even if they are currently
> 1.0 compliant)?
>
> With my vendor-hat on, I'm not particularly enamored.
>
> Cheers,
> Shaun
>
>> -----Original Message-----
>> From: Theo Zourzouvillys [mailto:theo at crazygreek.co.uk]
>> Sent: Friday, February 20, 2009 12:38 AM
>> To: Bharrat, Shaun
>> Cc: techwg at sipforum.org
>> Subject: Re: [SIPForum-techwg] draft v04 - certificate validate
>>
>> On Fri, Feb 13, 2009 at 12:27 PM, Bharrat, Shaun
>> <SBharrat at sonusnet.com> wrote:
>>
>>> I'm curious. Do many SIP-PBX implementations (or SPs for that matter)
>>> actually support CRLs or OCSP?
>>
>> No, most (all?) don't.
>>
>>> Is this setting the bar too high?
>>
>> No, I don't think it is.
>>
>>> (It just seems odd that a whole bunch of stuff is "by contract between
>>> SP and enterprise" but that enterprise must not just verify but also
>>> validate the certificate presented by the SP.)
>>
>> SCVP (rfc5055) provides 2 mechanisms (DVP and DPD) for the
>> whole "policy thing" (validation, verification, path
>> discovery, etc) to be offloaded to a separate (set of)
>> servers somewhere, and would be a good choice for this sort
>> of thing, although this isn't (nor should
>> be) in the scope of 1.1.
>>
>> ~ Theo
>>