На 19.08.11 00:58, Bauersachs Ingo написа:
You mean it's ready? That's awesome!!!!! Mucho cooool!
I can authenticate against my local Kamailio with the configured
certificates. So, yeah
Niiiiiiice This is awesome!
This is just the signalling part though ... right? Or does this
also include the SDES?
That is just logging in at a proxy/registrar with a TLS client
certificate, nothing about voice encryption at all (yet, that's what
I'm attacking next).
Also .. what's that thing with the smartcard there? Does it allow
reading a certificate from a card? How does it access it?
Yepp, it reads SmartCards (the selected entry SuisseID is actually a
SmartCard too). You can supply the .dll/.so of your PKCS#11 interface
as the keystore file. Java then accesses it through a JNI wrapper
(already included with the JRE) as a regular KeyStore.
Eeeer ... didn't get that. Who provides the .dll/.so? Is it part of or
somehow referenced by the the PFX file that I see in your third
screenshot in the previous mail?
A few quick thoughts:
1. Empty option on the first image should probably have a name?
E.g. "regular authentication" or "don't use a certificate" or
something like that. An empty entry seems somewhat ambiguous to
Yepp, I'll create that.
2. There seems to be a problem with the transparency in the panel
with the trusted root certificates source (second image).
Right, I saw that earlier and thought it magically disappeared. But
it's obviously just the crappy LCD in my notebook... Guess I have to
create a SIPCommRadioButton? Or is that thing already around
Yeah. I believe the SIPCommXXX components address that. Yana will
correct if I am wrong (maybe later though ... she must be half way
through the Atlantic now)
3. I think we could add a bit more text here too. Rather than just
saying they could be used for account configuration (which I am
afraid may sound somewhat cryptic to many uses), you might want to
give an example. Something like "... you can use these certificates
when authenticating with your SIP server for example or securing
your communication with it". WDYT?
What about: "The configurations managed here can be chosen as client
TLS certificates in the account configurations (e.g. to authenticate
with a certificate against your SIP provider instead of a username
OK sounds fine to me.