[VOIPSEC] Client authentication

Mark Baugher mbaugher at cisco.com
Wed Apr 12 06:03:59 PDT 2006


If you don't use client certs then how can you tell who is on the other 
side of the connection?  I admit that sips does not offer great 
security.  But why use it at all if you are not going to control access 
when making a connection.  Wouldn't you require something like a site 
cert?

Mark
On Apr 12, 2006, at 5:29 AM, Christoph Fürstaller wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> I'm testing SIPS for increased security during the call establishment.
>
> Is it a good idea to use client certs (for TLS connection)? Or is the
> effort to realice that to much? Cause the benefits from authenticating 
> a
> client only for the TLS connection isn't that much. Authenticating the
> client against a DB is done later on in the PBX, so authentication 
> would
> be done twice.
>
> What do you think about that?
>
> chris...
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFEPPKtR0exH8dhr/YRAoFcAKDGbRw7qVz/XNF7IMipfd//6KtuIQCgg9oQ
> sOPz+PX13wg7eRFrjXNfKQI=
> =6+DK
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
>




More information about the Voipsec mailing list