thanks for aswer Federico, another, if the communication beetween asterisk and kamailio are using public ip, that password are easyl hackaeable?
yes, they are hackable, exactly like HTTP passwords. Easily, that depends who the hackers are.
Actually, the method used for password exchange is exactly the same as in http (nonce + md5).
If you use long enough passwords, is probably almost ok, if you can cope with the breach that can happen (eg: limit the expenses toward your ITSP gateway, with a cap, or prepaid).
If you are thinking about privacy, then password are completely useless with "normal" SIP: both signaling (who you call) and media (the sound of the conversation) are in clear, and can be listened by anyone (no password needed).
For real security (and privacy, etc) go for TLS and SRTP (ZRTP being the uber good).
-giovanni
i read rfc2617 but does are not clear respect security and seems SIP is not an easy protocol to secure due relationship beetween both are trusted or something similar?
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users