[Devel] Re: [Users] TLS setup

Juha Heinanen jh at tutpro.com
Mon Oct 10 20:58:49 CEST 2005


Bogdan-Andrei Iancu writes:

 > not sure, but maybe the certificate to be used should be selected based 
 > on the domain advertised in the received certificate. Like if you 
 > received a certificate advertising server1.com, you should use the 
 > client/server certificate you have with that domain....

i need to start reading tls specs to understand how certificates are
exchanged, but sip clients (like web clients) usually don't have their
own certificates.

in my opinion, it is not practical to assume that a company, say cisco, 
would submit private keying material of its domain cisco.com to
whichever party happens to host its sip proxy service.

a practical assumption would be that if sip srv record of cisco.com
points to sip.provider.com, then clients in domain cisco.com would
verify certificate of sip.provider.com.

-- juha


