Eric,I have double checked with people about where things are in 3GPP and 3GPP2 and since you care to know the details, it is a somewhat complex story (actually not that complex). If DRM is involved, there are client certs, PKI and everything (although in case of broadcast TV, the story is different, the mobile operators may be trying to do away with PKIs in that context). But, clearly there is someone to pay for it so to speak; content business is a value-add.
For other purposes, people tell me that there were attempts in the past and they went no where (I haven't seen them and so I don't know the story for sure). Someone could try to make a proposal and build consensus now; the burden then is on the merits of the proposal. It doesn't hurt too much is not an incentive.
There are folks on this list who also contribute to PP and PP2. If you disagree with my notes above, please do let us know.
regards, Lakshminath On 6/7/2007 12:04 PM, Eric Rescorla wrote:
At Thu, 07 Jun 2007 11:26:44 -0700, Lakshminath Dondeti wrote:Thanks Matt. I know of cases where skipping the self-signed cert on the UAC side would be considered necessary. Broadly speaking whereas verifying server-side certs as in case of https is alright, client-side certs, self-signed or not, are not really viable at the moment.Can you provide more support for this claim? The problems with client auth in HTTPS are almost entirely due to user interface, but in the of DTLS-SRTP, they client auth is hidden under the covers of the implementation and so this is not an issue. -Ekr