Greger V. Teigre writes:
> I haven't read the RFC you are referring to, but
> in a proxy-proxy scenario, do you really validate against a URI?
> Shouldn't you validate the server and not the actual requests? (If
> the proxy is relaying on behalf of others) Also, whether you want to
> accept a request to another domain is not really at the TLS level, is it?

i'm not a TLS expert either, but i have been wondering if a proxy
serving multiple domains would need to have a client/server certificate
for each. i hope not.

in klaus' example, srv query on _sips._tcp.example.com. could return a
server name in a domain foo.com. in proxy-to-proxy scenario, it should
suffice that both proxies have certificates for the proxy hosts
themselves and they don't need to have anything to do with the domains
in the uris of sip requests.

-- juha
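
The two options weighed in this thread, checking the peer proxy's certificate against the SRV target host or against the domain in the request URI, can be compared side by side. This is an added example, not code from the posters or from any SIP stack; `PeerCert`, `check_peer`, the policy names and every host name and certificate below are constructed, and bracketed IPv6 hosts and wildcard names are not handled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PeerCert:
    """Identities a peer proxy's certificate asserts in subjectAltName (constructed model)."""
    dns_names: tuple = ()
    sip_uris: tuple = ()  # URI-type entries such as "sip:example.com"

def _norm(name):
    return name.rstrip(".").lower()

def cert_covers(cert, name):
    """True if the certificate asserts `name` as a DNS name or as a sip:/sips: URI."""
    want = _norm(name)
    if any(_norm(d) == want for d in cert.dns_names):
        return True
    for uri in cert.sip_uris:
        scheme, _, rest = uri.partition(":")
        if scheme.lower() in ("sip", "sips") and _norm(rest) == want:
            return True
    return False

def domain_of(request_uri):
    """Host part of a sip:/sips: URI, without user, port or parameters."""
    rest = request_uri.split(":", 1)[1]
    rest = rest.split(";", 1)[0].split("?", 1)[0]
    host = rest.rsplit("@", 1)[-1]
    return _norm(host.split(":", 1)[0])

def check_peer(cert, request_uri, srv_target, policy):
    """'host' matches the SRV target name; 'domain' matches the domain in the request URI."""
    if policy == "host":
        # The name being checked comes from the SRV answer, so this check is
        # only as trustworthy as that DNS answer.
        return cert_covers(cert, srv_target)
    if policy == "domain":
        return cert_covers(cert, domain_of(request_uri))
    raise ValueError("unknown policy: " + policy)

# Constructed scenario: the SRV lookup for _sips._tcp.example.com. returns a host in foo.com.
REQUEST_URI = "sips:alice@example.com"
SRV_TARGET = "proxy1.foo.com."
HOST_CERT = PeerCert(dns_names=("proxy1.foo.com",))
MULTI_DOMAIN_CERT = PeerCert(dns_names=("proxy1.foo.com",),
                             sip_uris=("sip:example.com", "sip:example.net"))

if __name__ == "__main__":
    for label, cert in (("host cert", HOST_CERT), ("multi-domain cert", MULTI_DOMAIN_CERT)):
        for policy in ("host", "domain"):
            print(label, policy, check_peer(cert, REQUEST_URI, SRV_TARGET, policy))
```

Under the "domain" policy a proxy serving several domains needs each of them asserted in its certificate (one certificate with several entries, as in `MULTI_DOMAIN_CERT`, or one certificate per domain); under the "host" policy a single host certificate passes for every domain the SRV records point at it.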