[Devel] SIP Identity support

Alexander Christ Alexander.Christ386 at web.de
Fri Mar 23 10:20:18 CET 2007 

Hello Klaus!

Yes, this is correct. So there is a problem, if you want to use this module in scenarios where rewriting of the message body (or other parts which will be signed) is needed.

regards
Alexander

Klaus Darilion wrote:

> Alexander Christ wrote:
> > Hello Klaus!
> > 
> > I know that there is the auth_identity module in ser. But I do not know much 
> > more about it. I have developed my module completely independent of this one.
> > 
> > I build the identity header using the original received message.
> 
> Thus, if the proxy rewrites the message (e.g. nathelper rewrites the 
> SDP) then the signature is wrong - correct?
> 
> klaus
> 
> > 
> > I am going to port it to devel version, write a (short) English documentation 
> > and upload it on the "patches" tracker within the next few days.
> > 
> > regards
> > Alexander
> > 
> > Am Donnerstag, 22. März 2007 17:26 schrieb Klaus Darilion:
> >> Hi Alexander!
> >>
> >> Great! Contributions are always welcome. Please upload the source code
> >> on the "patches" tracker on sourceforge:
> >> http://sourceforge.net/tracker/?group_id=139143&atid=743022
> >>
> >> btw: do you know about the auth_identity module in ser (which provides
> >> probably the some functionality) ? advantages/disadvantages?
> >>
> >> Do you build the identity header using the original received message or
> >> after all the message rewriting (lumps) have been applied?
> >>
> >> regards
> >> klaus
> >>
> >> Alexander Christ wrote:
> >>> Hello all!
> >>>
> >>> As part of my diploma thesis about SIP security, I have written a module
> >>> which adds support for SIP Identity (RFC 4474). I would like to publish
> >>> this module, if someone is interested.
> >>>
> >>> The module is written for version 1.1.0.
> >>>
> >>> There are 2 known limitations for the Verifier in this module:
> >>> 1.)Certificates are not downloaded. They have to be stored locally. (see
> >>> chapter 6 of RFC 4474)
> >>> 2.)Call-IDs of valid requests containing an Identity header are not
> >>> recorded. Hence the Verifier does not provide full replay protection.
> >>> (see section 13.1 of RFC 4474)
> >>>
> >>> At the moment documentation is in German, but I am going to make an
> >>> English translation.
> >>>
> >>> Regards
> >>> Alexander Christ
> >>>
> >>> ----
> >>> Alexander Christ - student at Cologne University of Applied Sciences
> >>> ----
> >>>
> >>> _______________________________________________
> >>> Devel mailing list
> >>> Devel at openser.org
> >>> http://openser.org/cgi-bin/mailman/listinfo/devel
> 


_______________________________________________________________
SMS schreiben mit WEB.DE FreeMail - einfach, schnell und
kostenguenstig. Jetzt gleich testen! http://f.web.de/?mc=021192

More information about the Devel mailing list