Skip to Content.
Sympa Menu

sip.edu - Re: [sip.edu] Kerberos based authentication for SIP

Subject: SIP in higher education

List archive

Re: [sip.edu] Kerberos based authentication for SIP


Chronological Thread 
  • From: Steve Blair <>
  • To:
  • Subject: Re: [sip.edu] Kerberos based authentication for SIP
  • Date: Mon, 03 Apr 2006 15:22:44 -0400



Steve Blair wrote:


Kerberos is dead. Give it a rest :-)

OK. Real red faced :-) That was meant as a joke for Shumon.

_Steve


Shumon Huque wrote:

On Mon, Apr 03, 2006 at 08:59:51AM -0700, Prashant Kumar wrote:

Sip identity draft is a very good option. However, using the Identity draft will not allow the use of Kerboros and will not help the existing Kerboros deployments.


Right, that was my point. SIP Identity helps in the general
interdomain authentication case.

I'm in favor of developing a Kerberos based authentication
mechanism that allows SIP user agents to authenticate themselves
to their *local* SIP registrar/proxy servers.

For end2end, Kerberos isn't enough. You additionally need to use something like SIP identity or some other federated authentication approach. Or PKI certificates at UAs with a globally trusted CA,
ugh! :-)

--Shumon.





Archive powered by MHonArc 2.6.16.

Top of Page