29 Oct
2013
29 Oct
'13
11:58 a.m.
On Tue, Oct 29, 2013 at 11:29 AM, Olle E. Johansson <oej(a)edvina.net> wrote:
On 29 Oct 2013, at 13:38, Charles Chance <charles.chance(a)sipcentric.com>
wrote:
I agree with Olle that the common "pass the buck" attitude is wrong,
although in this case I don't believe securing the messages should be
mandatory. Often the communication between servers will be over a
private/secure network and the user should be allowed to disable it if they
deem it an unnecessary overhead.
Is that another myth - the secure/private/inside network? :-)
Have you heard of IPsec?
Either way, the ability to use TLS where required is a
definite must, so
I'll go away and look into that now.
At least write the documentation so that most people believe that they have
to have TLS and work hard to disable it :-)
I am not convinced this is the right documentation style. I think
documentation should be balanced, it's IMHO better to explain what
options are available and not force a particular security mechanism
down people's throat.
-Jan