[Users] Re: [Serusers] [Fwd: [Sip-implementors] TLS certificate question]
Juha Heinanen
jh at tutpro.com
Sat Oct 8 09:57:47 CEST 2005
Greger V. Teigre writes:
> I haven't read the RFC you are referring to, but
> in a proxy-proxy scenario, do you really validate against an uri?
> Shouldn't you validate the server and not the actual requests? (If
> the proxy is relaying on behalf of others) Also, whether you want to
> accept a request to another domain is not really on TLS level is it?
i'm not a TLS expert either, but i have been wondering if a proxy
serving multiple domains would need to have a client/server certificate
for each. i hope not.
in klaus' example, srv query on
_sips._tcp.example.com.
could return a server name in a domain foo.com. in proxy-to-proxy
scenario, it should suffice that both proxies have certificates for the
proxy hosts themselves and they don't need to have anything to do with
the domains in the uris of sip requests.
-- juha
More information about the sr-users
mailing list