[Users] Re: [Serusers] trusting peers

[Juha Heinanen]

Klaus Darilion writes:

 > *      validate domains in certifiacte with requests domain

 > * If I understand correctly, this part is missing in current
 > * implementation

what would that check mean?  proxy selects next hop proxy my manual
configuration or by srv lookup on host part of request uri.  then proxy
can verify server certificate of the next hop proxy.  i don't understand
what domains have to do with this.

 > Version A:
 >    1. Validate the From: domain in the SIP request against the domain 
 > name in the certificate. 

you cannot do this, because domain of certificate has nothing to do with
from domain.

-- juha