On Fri, Nov 21, 2008 at 3:11 PM, Elwell, John <john.elwell@xxxxxxxxxxx> wrote: > "If a registrar receives a REGISTER request containing a > P-Asserted-Identity header field, it MUST disregard the asserted > identity unless received over a secure transport from a node within the > Trust Domain. Otherwise it MAY use this as evidence that the registering > UA has been authenticated as representing the identity asserted in the > header field." > > I think we may need to delete the second sentence. I don't like the first sentence :-) we might want to run our registrars on a private vlan with REGISTER messages routed via a proxy that is multi homed on public and private vlans and does the security checks for PAI. so there is not necessarily a secure transport (i.e TLS) between the proxy and registrar, but due to network design PAI in REGISTER can be trusted. ~ Theo -- Theo Zourzouvillys Chief Technical Officer VoIP.co.uk - Commerce House, Telford Road, Bicester, OX26 4LD Tel: +44 1908 764 196 _______________________________________________ Sipping mailing list https://www.ietf.org/mailman/listinfo/sipping This list is for NEW development of the application of SIP Use sip-implementors@xxxxxxxxxxxxxxx for questions on current sip Use sip@xxxxxxxx for new developments of core SIP
