[SIPForum-discussion] End-to-End Authentication Using SIP

sunilkumar.verma at wipro.com sunilkumar.verma at wipro.com
Fri Jan 22 03:55:14 UTC 2010


I am not sure if I understood this clearly.
What I can understand is in a call scenario explained below, user A
wants to authenticate if it is contacting the right proxy or not?
Please correct me if this is wrong.

User A------------Proxy ------------User B

Now considering above scenario User A will contact the proxy using the
preconfigured outbound proxy or Route header. So at transport level we
need to ensure that the proxy we are contacting is correct or not.
Currently TLS is the mechanism where we can identify if the far end is
the trusted endpoint or not. Considering the Authentication, I don't
thin there is any RFC right now in this regard, if someone in the group
has any idea on the same, please let me know as well.

Bust considering the need, it is more important to Authenticate the
user(Client) as user moves across machines and hence authentication is

Sunil Verma

-----Original Message-----
From: discussion-bounces at sipforum.org
[mailto:discussion-bounces at sipforum.org] On Behalf Of Couret Tabt
Sent: Wednesday, January 20, 2010 8:00 PM
To: discussion at sipforum.org
Subject: [SIPForum-discussion] End-to-End Authentication Using SIP

Dear folks,

SIP has some mechanisms for hop by hop authentication.
For example,
REGISTER has user-sip server (e.g.registrar) authentication
mechanism and INVITE has sender-proxy authentication
mechanism in RFC3261.
In  RFC4474, we have the authentication mechanism
that a receiver(or receiver side proxy) authenticate a sender
using PKI system that has a sender side(usually sender
side proxy has it).

Then do you know how a receiver side proxy authenticate
a right receiver(that is NOT spoofed) and vice versa?

If it is possible, as a result, we make end-to-end
authentication in SIP, I think.

If you know any way or documents (proceedings, papers,...)
written about it, please let me know.

This is the SIP Forum discussion mailing list
TO UNSUBSCRIBE, or edit your delivery options, please visit
Post to the list at discussion at sipforum.org

More information about the discussion mailing list