On Oct 10, 2011, at 2:05 PM, Olle E. Johansson wrote: > After reading RFC 6072 I can't help to wonder how this works with an outbound proxy configured in the UA. > > For instance, using SIP Outbound we have two proxys that we keep an active flow to. RFC 6072 says that > the UA is required to have a direct connection to the certificate service in order to publish a key and certificate. > This is in order to be able to examine the servers certificate. > > Does this mean that a UA that follows RFC 6072 should override the pre-defined route in the UA and thus > also ignore the SIP outbound mechanism for this transaction? Those outbound guys and 6072 guys should really talk to each other :-) Yes, the implementation I have seen are just skipping the outbound proxy for managing their own credentials. The alternative is to use an outbound server that you trust at the same level as your credential server. I don't like this as much because even thought they are likely managed by the same domain, the credential server is probably a bit more carefully managed with less going on with it. _______________________________________________ Sipping mailing list https://www.ietf.org/mailman/listinfo/sipping This list is for NEW development of the application of SIP Use sip-implementors@xxxxxxxxxxxxxxx for questions on current sip Use sip@xxxxxxxx for new developments of core SIP
