[VOIPSEC] Client authentication
mbaugher at cisco.com
Wed Apr 12 06:03:59 PDT 2006
If you don't use client certs then how can you tell who is on the other
side of the connection? I admit that sips does not offer great
security. But why use it at all if you are not going to control access
when making a connection. Wouldn't you require something like a site
On Apr 12, 2006, at 5:29 AM, Christoph Fürstaller wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> I'm testing SIPS for increased security during the call establishment.
> Is it a good idea to use client certs (for TLS connection)? Or is the
> effort to realice that to much? Cause the benefits from authenticating
> client only for the TLS connection isn't that much. Authenticating the
> client against a DB is done later on in the PBX, so authentication
> be done twice.
> What do you think about that?
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
> -----END PGP SIGNATURE-----
> Voipsec mailing list
> Voipsec at voipsa.org
More information about the Voipsec